File Name:   220_111
SHA1:   37271fcd264990cd2d205b28605156405d45fd66
MD5:   0b864f8b96fd7174e9ed1455d8cc15d4
First Seen Date:   2016-03-19 20:46:56.859670
Number of Clients Seen:   7
Last Analysis Date:   2016-04-10 10:00:39.489993
Human Expert Analysis Date:   2016-03-22 09:08:54.416691
Human Expert Analysis Result:   Clean
Analysis Summary
Analysis Type | Date | Verdict |
---|---|---|
Signature Based Detection | 2016-04-10 10:00:39.489993 | Clean |
Static Analysis Overall Verdict | 2016-04-10 10:00:39.489993 | Highly Suspicious |
Dynamic Analysis Overall Verdict | 2016-04-10 10:00:39.489993 | No Threat Found |
Human Expert Analysis Overall Verdict | 2016-03-22 09:08:54.416691 | Clean |
Static Analysis
Static Analysis Overall Verdict: Highly Suspicious
Detector | Result |
---|---|
Optional Header LoaderFlags field is valued illegal | Clean |
Non-ascii or empty section names detected | Clean |
Illegal size of optional Header | Clean |
Optional Header NumberOfRvaAndSizes field is valued illegal | Clean |
Based on the sections entropy check! file is possibly packed | Clean |
Timestamp value suspicious | Clean |
Header Checksum is zero! | Clean |
Entry point is outside the 1st (.code) section! Binary is possibly packed | Suspicious |
Packer detection on signature database | Unknown |
Anti-vm present | Clean |
The Size Of Raw data is valued illegal! Binary might crash your disassembler/debugger | Clean |
TLS callback functions array detected | Suspicious |
Anti-debug calls
UnhandledExceptionFilter
Dynamic Analysis
Dynamic Analysis Overall Verdict: No Threat Found
Suspicious Behaviors |
---|
Opens a file in a system directory |
Uses a function clandestinely |
Downloads data from internet |
Behavioral Information
SOFTWARE\0E2A533F19374E488CF48F950F5A07F1
SOFTWARE\D909B01E08AE40EEA47F9FA8D7CF746B
SOFTWARE\655ED0DD7DA047618002AF578ADFA012
SOFTWARE\3DE9D279B98F48E898283B1445515BDB
SOFTWARE\43B149F5CEBC46BC8103DE23FA2D99BF
SOFTWARE\F370AC1ED9E143D29D6D3CA1F7A957B3
SOFTWARE\52F8D668751743D79231B4E61DF0D1EF
Software\Microsoft\Windows\CurrentVersion\Uninstall\ASPackage
Software\Microsoft\Windows\CurrentVersion\Uninstall\Eppink
Software\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
SOFTWARE\Microsoft\NET Framework Setup\NDP
Software\TutoTag
CLSID\{08ACFB57-8187-47f0-AF93-56360D03634A}
CLSID\{403E842C-83DE-4d95-B19C-C4C71F9C6078}
CLSID\{D52F7CE0-A4BA-4220-A907-444CB6158A09}
CLSID\{F9E6F9C4-2592-45e5-A641-D0D7FF0EB43C}
CLSID\{BC1DDB0D-4663-40bd-812C-12EC1D2EE97C}
CLSID\{2E3EBFCA-0815-4961-A617-3C06976B77FC}
CLSID\{D44CEDFE-7157-4cb5-A339-2CD1249A2153}
SOFTWARE\Classes\Wow6432Node\CLSID\{88d8ecb7-204f-4efd-8134-f6341f76c672}
SOFTWARE\Classes\Wow6432Node\CLSID\{42ab629f-6fd1-44e2-9a7f-4cbfea37e4bf}
SOFTWARE\Classes\Wow6432Node\CLSID\{c0caa5fe-7c9c-4dca-a265-63cf55379d1a}
SOFTWARE\Classes\Wow6432Node\CLSID\{08ae5e13-70cc-4fbb-ad00-ef4b90a44451}
SOFTWARE\Classes\Wow6432Node\CLSID\{a4ad8fd9-b395-43e3-88b5-240710b48e27}
SOFTWARE\Classes\Wow6432Node\CLSID\{05bf0e05-a298-4d0a-b6eb-f55b30a2e662}
SOFTWARE\Classes\Wow6432Node\CLSID\{32cf5a7d-f785-42ee-b97f-4c53ea70e6ed}
SOFTWARE\Classes\Wow6432Node\CLSID\{90128821-e848-437c-999b-1b4eb986947a}
SOFTWARE\Classes\Wow6432Node\CLSID\{516444ca-a80b-4143-96cb-605675251c4f}
SOFTWARE\Classes\Wow6432Node\CLSID\{41ca0640-a64c-4262-8540-36c33ee58961}
SOFTWARE\Classes\Wow6432Node\CLSID\{193b40dd-1d63-4025-8c4d-b8bb042442da}
SOFTWARE\Classes\Wow6432Node\CLSID\{096b81ea-be98-4454-950f-8447f4abe833}
SOFTWARE\Classes\Wow6432Node\CLSID\{cf4032f0-2dc7-4311-8516-8f8b0da1a903}
SOFTWARE\Classes\Wow6432Node\CLSID\{ccb24e92-62c4-4c53-95d2-65f9eed476bc}
SOFTWARE\OpenVPN
SOFTWARE\VMware
SOFTWARE\Oracle\VirtualBox
SOFTWARE\Ikarus
SOFTWARE\Doctor Web
SOFTWARE\SearchModule
SOFTWARE\SearchModulePlus
SOFTWARE\Class
Software\InternetBrowser
Software\DeskBar
Software\BrowserAir
Software\TheBrowser
CLSID\{121D5B8F-55A2-4E9F-9C0C-496534869A9C}
SOFTWARE\Avg
SOFTWARE\Avast
software\Microsoft\idsc
software\Microsoft\idsc20
software\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2}
software\Microsoft\{7b6d6a5c-84cc-42db-b817-000a05728e99}
software\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}
software\Microsoft\{99cfe81f-094e-46bf-9bf2-7523d2668544}
software\Microsoft\{cf50d5c9-de2c-44cf-9fc8-0c591c97f448}
software\Microsoft\{0f9bf30b-d979-431e-82a9-7ed45eee98c3}
Software\Super Optimizer\BuyNowURL
Software\Nosibay\Bubble Dock Tag
Software\McAfee
Software\Wajam
Software\WajIEnhance
Software\WajaIEnhance
Software\WInternetEnhance
Software\WaInternetEnhance
Software\WajInternetEnhance
Software\WajaInternetEnhance
Software\WInterEnhance
Software\WaInterEnhance
Software\WajInterEnhance
Software\WajaInterEnhance
Software\WIntEnhance
Software\WaIntEnhance
Software\WajIntEnhance
Software\WajaIntEnhance
Software\WNEnhance
Software\WaNEnhance
Software\WajNEnhance
Software\WajaNEnhance
Software\WNetEnhance
Software\WaNetEnhance
Software\WajNetEnhance
Software\WajaNetEnhance
Software\WNetworkEnhance
Software\WaNetworkEnhance
Software\WajNetworkEnhance
Software\WajaNetworkEnhance
Software\WWebEnhance
Software\WaWebEnhance
Software\WajWebEnhance
Software\WajaWebEnhance
Software\WIEnhancer
Software\WaIEnhancer
Software\WajIEnhancer
Software\WajaIEnhancer
Software\WInternetEnhancer
Software\WaInternetEnhancer
Software\WajInternetEnhancer
Software\WajaInternetEnhancer
Software\WInterEnhancer
Software\WaInterEnhancer
Software\WajInterEnhancer
Software\WajaInterEnhancer
Software\WIntEnhancer
Software\WaIntEnhancer
Software\WajIntEnhancer
Software\WajaIntEnhancer
Software\WNEnhancer
Software\WaNEnhancer
Software\WajNEnhancer
Software\WajaNEnhancer
Software\WNetEnhancer
Software\WaNetEnhancer
Software\WajNetEnhancer
Software\WajaNetEnhancer
Software\WNetworkEnhancer
Software\WaNetworkEnhancer
Software\WajNetworkEnhancer
Software\WajaNetworkEnhancer
Software\WWebEnhancer
Software\WaWebEnhancer
Software\WajWebEnhancer
Software\WajaWebEnhancer
SOFTWARE\SVH
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rec_en_77_is1
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SwiftSearch_1.10.0.25
SOFTWARE\Wow6432Node\SwiftSearch_1.10.0.25
Software\Nosibay\Bubble Dock
Software\Class
SOFTWARE\LSM
SOFTWARE\CandyBox
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Itibiti_is1
SOFTWARE\Flashbeat
software\dtsencodetools
software\amigo
software\comodogroup\chromodo
software\appdatalow\software\compete
software\compete
software\competeinc
software\consumerinput
software\dnsio
software\looksafe
software\webdnsio
software\probit software\easy driver pro
software\classes\clsid\{79f768ed-0b12-42ef-8257-36751a0ecf3a}
software\fast-search
software\fastsearch
software\flowsurf
software\quicksearch
software\tabnav
software\doreme
software\lolliscan
software\lolykey
software\piccolor utility
software\securityutility
software\smartpurpleconf
clsid\{08acfb57-8187-47f0-af93-56360d03634a}
clsid\{2e3ebfca-0815-4961-a617-3c06976b77fc}
clsid\{403e842c-83de-4d95-b19c-c4c71f9c6078}
clsid\{bc1ddb0d-4663-40bd-812c-12ec1d2ee97c}
clsid\{d44cedfe-7157-4cb5-a339-2cd1249a2153}
clsid\{d52f7ce0-a4ba-4220-a907-444cb6158a09}
clsid\{f9e6f9c4-2592-45e5-a641-d0d7ff0eb43c}
software\classes\clsid\{05bf0e05-a298-4d0a-b6eb-f55b30a2e662}
software\classes\clsid\{08acfb57-8187-47f0-af93-56360d03634a}
software\classes\clsid\{08ae5e13-70cc-4fbb-ad00-ef4b90a44451}
software\classes\clsid\{096b81ea-be98-4454-950f-8447f4abe833}
software\classes\clsid\{193b40dd-1d63-4025-8c4d-b8bb042442da}
software\classes\clsid\{32cf5a7d-f785-42ee-b97f-4c53ea70e6ed}
software\classes\clsid\{41ca0640-a64c-4262-8540-36c33ee58961}
software\classes\clsid\{42ab629f-6fd1-44e2-9a7f-4cbfea37e4bf}
software\classes\clsid\{516444ca-a80b-4143-96cb-605675251c4f}
software\classes\clsid\{88d8ecb7-204f-4efd-8134-f6341f76c672}
software\classes\clsid\{90128821-e848-437c-999b-1b4eb986947a}
software\classes\clsid\{a4ad8fd9-b395-43e3-88b5-240710b48e27}
software\classes\clsid\{c0caa5fe-7c9c-4dca-a265-63cf55379d1a}
software\classes\clsid\{ccb24e92-62c4-4c53-95d2-65f9eed476bc}
software\classes\clsid\{cf4032f0-2dc7-4311-8516-8f8b0da1a903}
software\baidu\hao123-jp
software\adsafe4
software\huorong
software\microsoft\windows\currentversion\uninstall\{96f04c1b-e352-4a90-bed4-11a0fa968bc2}_is1
software\microsoft\windows\currentversion\uninstall\u641c\u72d0\u5f71\u97f3
software\rising
software\sta\mtview
software\tencent\qqpcmgr
software\microsoft\windows\currentversion\uninstall\mbot_id_014010032_is1
software\advpn
software\microsoft\windows\currentversion\uninstall\netstream 1.0
software\piratium
software\appdatalow\software\blockandsurf
software\appdatalow\software\checkmeapp
software\appdatalow\software\checkmeup
software\appdatalow\software\genericaddon
software\appdatalow\software\ineedspeed
software\appdatalow\software\safer-surf
software\appdatalow\software\speedcheck
software\appdatalow\software\speedchecker
software\appdatalow\software\speeditup
software\classes\clsid{4aa46d49-459f-4358-b4d1-169048547c23}
software\classes\clsid{b853e835-9f24-4f4b-b55c-e554d15cccd2}
software\microsoft\windows\currentversion\uninstall\note-up
software\microsoft\windows\currentversion\uninstall\nuins
software\microsoft\windows\currentversion\uninstall\weathertool
software\microsoft\windows\currentversion\uninstall\yspackage
software\wow6432node\dtsencodetools
software\wow6432node\istartsurfsoftware\istartsurfhp
software\wow6432node\key-findsoftware\key-findhp
software\wow6432node\mystartsearchsoftware\mystartsearchhp
software\1950c178-e1bd-4c8d-4a81-8c1d5846c3e1
software\1e8bad4d-072b-48c2-faab-0f9697a10ab7
software\9bdb6862-e2b2-438d-6c24-6b5de4d5a1f1
software\canortic
software\esties
software\microsoft\windows\currentversion\uninstall\{55d4b236-fe79-4782-cc2d-55acaf147087}
software\microsoft\windows\currentversion\uninstall\{74f1e872-8d6f-4cc7-58d6-c60d8dfe43ed}
software\microsoft\windows\currentversion\uninstall\{9280d7b0-5b63-492e-562e-8cd12e21da09}
software\microsoft\windows\currentversion\uninstall\{e20d6e44-c692-4329-d495-57e2996fc3ed}
software\ryofward
software\subpar\{19893c3d-1309-4b95-7643-80882aa33d0f}
software\{13ca1734-3cad-4f94-ef7f-ab84ccf08ec7}
software\{154667ea-1743-4542-3a21-738ffb10fe54}
software\{4130650b-6b01-45b1-f03d-4e1b190508f7}
software\{4a4f4999-31eb-416d-304a-9afc235d4d06}
software\{59bcf3c8-2b55-471a-ae11-cb40ec1008a4}
software\{61c74471-aa3d-45d5-ef57-2bb43561ed5d}
software\{ba70652c-ece3-41d5-a4e4-eafa388ea69d}
software\microsoft\windows\currentversion\uninstall\ospd_us_014010037_is1
software\microsoft\windows\currentversion\uninstall\s5mark
software\xs
software\microsoft\windows\currentversion\uninstall\seznaminstall
software\classes\clsid\{55fc8d93-9e8b-41d6-84a4-09830910158d}
software\classes\clsid\{8244ce7c-a878-4be9-8b6b-19206da348c2}
software\classes\clsid\{b1fdb64c-07ac-4b60-aef7-ee65437be4c6}
software\classes\clsid\{f1f0cbda-5d80-47ba-9a7e-bd9e8c1883a2}
software\microsoft\ldsc20
software\microsoft\windows\currentversion\uninstall\soundplus
software\microsoft\windows\currentversion\uninstall\{27c41d5e-53c8-4033-bad0-1f1bc926ab5c}
software\microsoft\windows\currentversion\uninstall\{7adf667e-e14d-4d2c-827c-b0108f0d93bc}
software\microsoft\windows\currentversion\uninstall\{c42c5197-0ee9-4940-893b-f4ef047dff0f}
software\microsoft\windows\currentversion\uninstall\{f252f215-5ca5-4643-bcd2-62e4be7f940e}
software\soundplus
software\tstamptoken
software\mail.ru
software\classes\clsid\{0d220ede-02c6-41c1-8558-5a89b52b13d8}
software\classes\clsid\{3f5ef5f7-35b2-4bb3-a36a-8518b54dc3ed}
software\classes\clsid\{5f9b9a38-371b-4fee-b878-01923eb8377f}
software\classes\clsid\{632b6d57-8586-40d8-bb34-30d7a7ec537a}
software\classes\clsid\{8dcf3491-cc4b-4353-a993-f74be1a9735f}
software\classes\clsid\{8ff10fed-2f0a-4f7f-be87-b04f1dcd4319}
software\classes\clsid\{94f4120c-a8c5-4c54-8594-e83fe800edba}
software\classes\clsid\{a1e9bf3e-e447-4e27-b5e7-50095b442777}
software\classes\clsid\{e8779de6-44f9-4d65-97b9-76ce4fc17738}
software\microsoft\windows\currentversion\uninstall\sunnyday5_is1
software\npapp
software\appdatalow\software\trailertime
software\powerpack
software\microsoft\windows\currentversion\uninstall\baidu ime
software\microsoft\windows\currentversion\uninstall\kantanstartbox
software\microsoft\moviedea\exploremedia
software\microsoft\moviedea\moviedea
software\microsoft\moviedea\windoweather\exploretech
software\microsoft\playgem\exploremedia
software\microsoft\playgem\playgem
software\microsoft\windoweather\windoweather
software\microsoft\windows\currentversion\uninstall\wooden seal
software\microsoft\windows\currentversion\uninstall\gupdate 1.00
software\nvidia corporation\global\nvupdate
software\goobzo
software\shopperpro
software\shopperpro3
software\ytdownloader
Software\Microsoft\Rpc
Software\Policies\Microsoft\Windows NT\Rpc
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\Au_.exe
CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
{babe9b11-0f98-11e5-b301-806e6f6e6963}\
Drive\shellex\FolderExtensions
Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}
Software\Policies\Microsoft\Windows\Explorer
CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}
Software\Microsoft\OLE
TreatAs
System\CurrentControlSet\Services\LDAP
<NULL>
Advanced
Software\Microsoft\Windows\Shell\RegisteredApplications\UrlAssociations\Directory\OpenWithProgids
Software\Microsoft\Windows\Shell\Associations\UrlAssociations\Directory
Directory
CurVer
ShellEx\IconHandler
Folder
AllFilesystemObjects
DocObject
BrowseInPlace
Clsid
Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions
{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}
PropertyBag
SessionInfo\1
KnownFolders
Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}
{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}
{5E6C858F-0E22-4760-9AFE-EA3317B67173}
{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}
CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder
Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder
Software\Microsoft\Windows NT\CurrentVersion\VFW
Software\Microsoft\Windows\CurrentVersion\Policies\Network
Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32
Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice
http\shell\open\command
Software\Wine
SOFTWARE\Policies\Microsoft\CabinetSelfExtractor
Software\Embarcadero\Locales
SOFTWARE\Microsoft\Windows NT\CurrentVersion
NI\632cee3c\16eb27fb
policy.2.0.System.Xml__b77a5c561934e089
NI\6faf58\19ab8d57
NI\6faf58\19ab8d57\15
IL\424bd4d8\324708cb\5c
IL\75638fee\27002c8f\5a
IL\19ab8d57\c91dbb2\5e
NI\30bc7c4f\3f50fe4f\18
IL\3f50fe4f\265c633d\60
policy.2.0.System__b77a5c561934e089
policy.2.0.System.Configuration__b03f5f7f11d50a3a
policy.2.0.System.Data.SqlXml__b77a5c561934e089
SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
SOFTWARE\Hewlett-Packard\SDPApp
System\CurrentControlSet\Control
Software\Microsoft\RestartManager
{fe6ff7b1-fbcf-4097-b1fc-9c6abc0cd906}
SOFTWARE\SSPrint\Logger\AMPV
SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
SOFTWARE\JungleNet
Software\\Microsoft\\Internet Explorer\\Styles
SOFTWARE\\Mozilla\\Mozilla Firefox
Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Google Chrome
Software\\Microsoft\\Internet Explorer
Software\\Microsoft\\Windows\\Shell\\Associations\\UrlAssociations\\http\\UserChoice
http\\shell\\open\\command
SOFTWARE\\Microsoft\\Cryptography
SOFTWARE\{A9B2FF43-266F-478c-9D0C-CCE9311F5D6B}
Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{C3060724-6AC7-4BEF-B516-4F6B1D90887D
SYSTEM\\CurrentControlSet\\Services\\MBAMProtector\\Instances\\MBAMProtector Instance
{69DC4768-446B-4F82-A6B0-63966A243064}
<NULL>
MMInstallerInstance
DlgCpp
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
RAL3BBEAAA4
3BBEAAA4::WK
Global/Rufus_CmdLine
Global/Rufus
RasPbFile
opwareSE2
2fedd336-1eb4-4f48-81e4-0de0e21c4a53
Global\SearchWebKnow
Advinst_C8473B2BF31148C09A4DD7884737912A
Global\81497530bd5d10307d8caf332f4c367
Global\5193263c88613d24bd1fc3cfdc5d886
Global\359dca4322b8b4a0f7f92bf448150fb
Global\{3EBE6875-9C4E-4782-8A43-275AFFFCA6FB}
Global\jQh5hthTnfTcI8fk7yydSw==
Local\43773530-129a-4298-88f2-20eea3e4a59b
Alcatel_Generic_Application_Install_Mutex
MutexBasav12345
Global\CashKitten
Local\RstrMgr3887CAB8-533F-4C85-B0DC-3E5639F8D511
Local\RstrMgr-3887CAB8-533F-4C85-B0DC-3E5639F8D511-Session0000
Global\{758F66C0-4B4C-4c4a-81F9-D289C5CCE8E5}
Global\JungleNet
Local\MSCTF.Asm.MutexDefault1
Global\CLR_CASOFF_MUTEX
BFC::DA29D97020
3BBEAAA4:SIMULATEEXPIRED
RasPbFile
Global\SearchWebKnow
Alcatel_Generic_Application_Install_Mutex
8B967CDE-EB6E-445C-8885-FEE4558F762B
Global\CashKitten
Global\JungleNet
C:\sample
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48\gdiplus.dll
C:\DLL_Loader.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\syswow64\kernel32.dll
C:\Windows\syswow64\MSCTF.dll
C:\Windows\syswow64\USER32.dll
C:\Windows\SYSTEM32\MSCOREE.DLL
C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\MSVCR80.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\system32\RICHED20.DLL
C:\Windows\system32\RICHED20.dll
C:\Users\win7\AppData\Local\Temp\~nsu.tmp\Au_.exe
C:\Windows\system32\MSVBVM60.DLL
C:\Users\win7\AppData\Local\Temp\is-BB3G8.tmp\sample.tmp
C:\Users\win7\AppData\Local\Temp\is-ACEED.tmp\sample.tmp
C:\Windows\system32\Riched20.DLL
C:\Windows\System32\msxml3.dll
C:\Windows\system32\aclui.dll
C:\Users\win7\AppData\Local\Temp\is-48NMN.tmp\sample.tmp
C:\Users\win7\AppData\Local\Tem
C:\Users\win7\AppData\Local\Temp\is-17BMU.tmp\sample.tmp
C:\Users\win7\AppData\Local\Temp\is-1NVRI.tmp\sample.tmp
C:\Users\win7\AppData\Local\Temp\is-N9K6T.tmp\sample.tmp
C:\Users\win7\AppData\Local\Temp\is-SGDGO.tmp\isslideshow.dll
C:\Windows\SysWOW64\ieframe.dll
Precise Detectors Analysis Results
No Detector Result Received
Advanced Heuristics
No Advanced Heuristic Analysis Result Received
Human Expert Analysis Results
Analysis Start Date: 2016-03-21 07:55:34.630575
Analysis End Date: 2016-03-22 09:08:54.416691
File Upload Date: 2016-03-19 20:47:11.224825
Update Date: 2016-03-22 09:08:54.416696
Human Expert Analyst Feedback:   Driver Update - Clean
Verdict:   Clean
Additional File Information
Property | Value |
---|---|
Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
---|---|---|---|---|---|