File Name: ResetBrowser.exe
SHA1: e533bd6a5b666f3dec00f9e01fb000079be1fd74
MD5: 7101ff0673f62b340d6c082039cf4487
First Seen Date: 2016-03-24 06:51:35.967856
Number of Clients Seen: 11
Last Analysis Date: 2016-03-24 06:51:35.967920
Human Expert Analysis Date: 2016-09-06 11:36:44.833758
Human Expert Analysis Result: Clean
Analysis Summary
Analysis Type | Date | Verdict
---|---|---
Signature Based Detection | 2016-03-24 06:51:35.967920 | Clean
Static Analysis Overall Verdict | 2016-03-24 06:51:35.967920 | Highly Suspicious
Dynamic Analysis Overall Verdict | 2016-03-24 06:51:35.967920 | No Threat Found
Human Expert Analysis Overall Verdict | 2016-09-06 11:36:44.833758 | Clean
Static Analysis
Static Analysis Overall Verdict: Highly Suspicious
Detector | Result
---|---
Optional Header LoaderFlags field is valued illegal | Clean
Non-ASCII or empty section names detected | Clean
Illegal size of optional Header | Clean
Packer detection on signature database | Unknown
Based on the sections entropy check, file is possibly packed | Clean
Timestamp value suspicious | Clean
Header Checksum is zero | Clean
Entry point is outside the 1st (.code) section; binary is possibly packed | Clean
Optional Header NumberOfRvaAndSizes field is valued illegal | Clean
Anti-VM present | Suspicious
The Size Of Raw data is valued illegal; binary might crash your disassembler/debugger | Clean
TLS callback functions array detected | Clean
Anti-debug calls
TerminateProcess
Process32FirstW
Process32NextW
OutputDebugStringW
IsDebuggerPresent
UnhandledExceptionFilter
FindWindowExW
FindWindowW
GetWindowThreadProcessId
Dynamic Analysis
Dynamic Analysis Overall Verdict: No Threat Found
Suspicious Behaviors
Opens a file in a system directory
Logs user key strokes
Has no visible windows
Uses a function clandestinely
Behavioral Information
comctl32.dll
KERNEL32.DLL
ADVAPI32.dll
bcrypt.dll
credui.dll
CRYPT32.dll
dwmapi.dll
GDI32.dll
gdiplus.dll
ole32.dll
OLEAUT32.dll
SHELL32.dll
SHLWAPI.dll
USER32.dll
UxTheme.dll
WINHTTP.dll
WINTRUST.dll
uxtheme.dll
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48\gdiplus.dll
CRYPTSP.dll
CRYPTBASE.dll
WINTRUST.DLL
C:\Windows\syswow64\CRYPT32.dll
imagehlp.dll
ncrypt.dll
C:\Windows\SysWOW64\bcryptprimitives.dll
USERENV.dll
API-MS-Win-Security-SDDL-L1-1-0.dll
cryptnet.dll
C:\Windows\system32\cryptnet.dll
SensApi.dll
winhttp.dll
WS2_32.dll
kernel32.dll
SspiCli.dll
RPCRT4.dll
IPHLPAPI.DLL
ntdll.dll
NSI.dll
CFGMGR32.dll
API-MS-WIN-Service-Management-L1-1-0.dll
API-MS-WIN-Service-Management-L2-1-0.dll
API-MS-WIN-Service-winsvc-L1-1-0.dll
profapi.dll
DNSAPI.dll
API-MS-Win-Security-LSALookup-L1-1-0.dll
C:\sample
SHFOLDER
propsys.dll
ntmarta.dll
API-MS-Win-Core-LocalRegistry-L1-1-0.dll
C:\Users\win7\AppData\Local\Temp\nseBE2B.tmp\System.dll
C:\Windows\system32\kernel32.dll
C:\netcore.dll
IMM32.dll
C:\Windows\system32\ole32.dll
C:\Windows\syswow64\MSCTF.dll
OLEAUT32.DLL
C:\Users\win7\AppData\Local\Temp\is-A0HQA.tmp\sample.ENU
C:\Users\win7\AppData\Local\Temp\is-A0HQA.tmp\sample.EN
imm32.dll
shell32.dll
C:\Users\win7\AppData\Local\Temp\is-S66P9.tmp\_isetup\_shfoldr.dll
shfolder.dll
Rstrtmgr.dll
C:\Windows\system32\imageres.dll
C:\Windows\system32\shell32.dll
C:\Windows\system32\shlwapi.dll
ADVAPI32.DLL
COMCTL32.DLL
COMDLG32.DLL
CRYPT32.DLL
DHCPCSVC.DLL
DNSAPI.DLL
FLTLIB.DLL
GDI32.DLL
IMAGEHLP.DLL
NETAPI32.DLL
NTDLL.DLL
OLE32.DLL
PSAPI.DLL
SFC.DLL
SHELL32.DLL
URLMON.DLL
USER32.DLL
USERENV.DLL
VERSION.DLL
WINHTTP.DLL
WININET.DLL
WINMM.DLL
WINSPOOL.DRV
WS2_32.DLL
WTSAPI32.DLL
BTHPROPS.DLL
BLUETOOTHAPIS.DLL
MSIMG32.DLL
IMM32.DLL
SETUPAPI.DLL
DWMAPI.DLL
UXTHEME.DLL
WINDOWSCODECS.DLL
WINSTA.dll
FaultRep.dll
olepro32.dll
security.dll
C:\Windows\syswow64\CRYPT32.DLL
Instngin.dll
api-ms-win-core-synch-l1-2-0
kernel32
api-ms-win-core-fibers-l1-1-1
advapi32
api-ms-win-core-localization-l1-2-1
api-ms-win-appmodel-runtime-l1-1-1
ext-ms-win-kernel32-package-current-l1-1-0
C:\PYTHON27.DLL
pythondll
imageres.dll
C:\Users\win7\AppData\Local\Temp\is-3QKG2.tmp\sample.ENU
C:\Users\win7\AppData\Local\Temp\is-3QKG2.tmp\sample.EN
C:\Users\win7\AppData\Local\Temp\is-NRR02.tmp\_isetup\_shfoldr.dll
C:\Windows\SysWOW64\ProfMan64.dll
C:\Users\win7\AppData\Local\Temp\is-5FTD6.tmp\_isetup\_shfoldr.dll
Kernel32.dll
RICHED20.DLL
0x1b42003c.d
Secur32.dll
api-ms-win-downlevel-advapi32-l2-1-0.dll
api-ms-win-downlevel-ole32-l1-1-0.dll
api-ms-win-downlevel-shlwapi-l2-1-0.dll
advapi32.dll
C:\Windows\system32\AdvApi32.dll
C:\Windows\system32\Msi.dll
C:\Windows\System32\msxml3r.dll
feclient.dll
cscapi.dll
user32.dll
Shlwapi.dll
gdi32.dll
msimg32.dll
oleaut32.dll
version.dll
winspool.drv
wlanapi.dll
wsock32.dll
C:\Users\win7\AppData\Local\Temp\is-UAE11.tmp\_isetup\_shfoldr.dll
C:\Windows\system32\wer.dll
C:\Windows\syswow64\KERNELBASE.dll
werui.dll
DUI70.dll
Comctl32.dll
DUser.dll
C:\Windows\system32\DUser.dll
C:\Windows\system32\RICHED20.DLL
C:\Windows\system32\xmllite.dll
secur32.dll
shlwapi.dll
Userenv.dll
WindowsCodecs.dll
C:\Windows\system32\EhStorShell.dll
C:\Windows\system32\ntshrui.dll
srvcli.dll
slc.dll
c:\windows\system32\imageres.dll
C:\Windows\system32\IconCodecService.dll
Mpr.dll
netutils.dll
GdiPlus.dll
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48\GdiPlus.dll
C:\Windows\system32\networkexplorer.dll
dhcpcsvc.DLL
OLEACCRC.DLL
C:\sampleENU.dll
C:\sampleLOC.dll
C:\Windows\winhlp32.exe
C:\Windows\SysWOW64\ieframe.dll
API-MS-WIN-DOWNLEVEL-SHLWAPI-L1-1-0.DLL
C:\Windows\system32\dwmapi.dll
C:\Windows\system32\mfc42u.dll
C:\Windows\system32\odbcint.dll
MSVCRT.DLL
WINMM.dll
WININET.dll
urlmon.dll
SXS.DLL
PROPSYS.dll
MSHTML.dll
C:\Windows\system32\ws2_32
MLANG.dll
USER32
User32.dll
C:\Windows\system32\advapi32.dll
C:\Windows\system32\asycfilt.dll
ProgramFilesDir
InstallRoot
CLRLoadLogDir
OnlyUseLatestCLR
NoGuiFromShim
log
DropLocation
Disable
DataFilePath
Plane1
Plane2
Plane3
Plane4
Plane5
Plane6
Plane7
Plane8
Plane9
Plane10
Plane11
Plane12
Plane13
Plane14
Plane15
Plane16
MS Shell Dlg 2
CommonFilesDir
RegisteredOwner
RegisteredOrganization
WaitToKillServiceTimeout
ColorName
CUID
Win31FileSystem
Sequence
RegFiles0000
RegSvcs0000
RegProcs0000
JSCount
ESCount
RRCount
SyncMode5
FEATURE_CLIENTAUTHCERTFILTER
FromCacheTimeout
SecureProtocols
DisableKeepAlive
IdnEnabled
PreConnectLimit
PreResolveLimit
SqmHttpStreamRandomUploadPoolSize
CacheMode
EnableHttp1_1
ProxyHttp1.1
EnableNegotiate
DisableBasicOverClearChannel
ClientAuthBuiltInUI
DisableReadRange
SocketSendBufferLength
SocketReceiveBufferLength
KeepAliveTimeout
MaxHttpRedirects
MaxConnectionsPerServer
MaxConnectionsPer1_0Server
MaxConnectionsPerProxy
ServerInfoTimeout
ConnectTimeOut
ConnectRetries
SendTimeOut
ReceiveTimeOut
DisableNTLMPreAuth
ScavengeCacheLowerBound
CertCacheNoValidate
ScavengeCacheFileLifeTime
ScavengeCacheFileLimit
HttpDefaultExpiryTimeSecs
FtpDefaultExpiryTimeSecs
LeashLegacyCookies
SendExtraCRLF
WpadSearchAllDomains
DontUseDNSLoadBalancing
ShareCredsWithWinHttp
DnsCacheEnabled
DnsCacheEntries
DnsCacheTimeout
WarnOnPost
WarnAlwaysOnPost
WarnOnZoneCrossing
WarnOnBadCertRecving
WarnOnPostRedirect
AlwaysDrainOnRedirect
WarnOnHTTPSToHTTPRedirect
TcpAutotuning
BadProxyExpiresTime
FrameTabWindow
FrameMerging
SessionMerging
AdminTabProcs
TabProcGrowth
AutoProxyDetectType
WpadOverride
DisableBranchCache
UseFirstAvailable
CombineFalseStartData
DisableFalseStartBlocklist
EnforceP3PValidity
DuoProtocols
EnableSpdyDebugAsserts
SystemSetupInProgress
ProxyEnable
ProxyServer
ProxyOverride
AutoConfigURL
AutoDetect
SavedLegacySettings
DefaultConnectionSettings
LastUDCheckTime
PostStatusUrl
LocalFileName
Version
EulaAccepted
DontSendAdditionalData
Disabled
DefaultConsent
DefaultOverrideBehavior
APPCRASH
LoggingDisabled
DontShowUI
DisableArchive
ConfigureArchive
DisableQueue
MaxQueueCount
MaxArchiveCount
ForceQueue
QueuePesterInterval
SendEFSFiles
BypassDataThrottling
ForceUserModeCabCollection
CorporateWerServer
CorporateWerUseSSL
CorporateWerPortNumber
CorporateWerUseAuthentication
UserContextLockCount
UserContextListCount
DoAnim
TextColor
CloseBy2ndClick
DisallowAdmin
MachineID
InstallationID
NoRun
NoDrives
RestrictRun
NoNetConnectDisconnect
NoRecentDocsHistory
NoClose
Language
Desktop
Templates
Cache
SendTo
Programs
Cookies
Favorites
AppData
Startup
Common Desktop
Common AppData
Common Startup
Common Templates
CreateUriCacheSize
EnablePunycode
DisableSecuritySettingsCheck
SpecialFoldersCacheSize
ProtectedModeOffForAllZones
EnableLUA
LuaOffLoRIEOn
ServiceName
NavigationDelay
IntranetCompatibilityMode
<NULL>
Compatible
Platform
UnattendLoaded
MSCompatibilityMode
UrlEncoding
WpadDecision
WpadDecisionTime
WpadExpirationDays
No3DBorder
DoNotTrack
EnableSSL3Fallback
EnableSPDY3_0
EnableUTF8
sample
TotalLimit
DomainLimit
RootDomainLimit
MaxSubDomains
DataStreamEnabledState
WpadDecisionReason
WpadDhcp
WpadDns
WpadDetectedUrl
IsTextPlainHonored
Extension
ZoomDisabled
ResetTextSizeOnStartup
ResetTextSizeOnZoom
ResetZoomOnStartup2
ZoomFactor
MinimumSystemTimerResolution
RenderingLoopMaxTime
DaysToKeep
RtfConverterFlags
Use_DlgBox_Colors
Anchor Underline
CSS_Compat
Expand Alt Text
Display Inline Images
Display Inline Videos
Play_Background_Sounds
Play_Animations
Print_Background
Use Stylesheets
SmoothScroll
XMLHTTP
Show image placeholders
Disable Script Debugger
DisableScriptDebuggerIE
Disable Diagnostics Mode
Move System Caret
Enable AutoImageResize
UseThemes
UseHR
Q300829
Cleanup HTCs
XDomainRequest
DOMStorage
JScriptProfileCacheEventDelay
Default_CodePage
Default_IEFontSizePrivate
Anchor Color
Anchor Color Visited
Anchor Color Hover
Always Use My Colors
Always Use My Font Size
Always Use My Font Face
Disable Visited Hyperlinks
Use Anchor Hover Color
MiscFlags
Allow Programmatic Cut_Copy_Paste
DisableCachingOfSSLPages
950
IEFontSize
IEFontSizePrivate
IEPropFontName
IEFixedFontName
IESerifFontName
IESansSerifFontName
IEUIFontName
VML
IE
WindowsEdition
CLSID
Tahoma
MS Sans Serif
ORACLE_HOME
SwapMouseButtons
SchemeLangID
Default Impersonation Level
ProcessID
EnablePrivateObjectHeap
ContextLimit
ObjectLimit
IdentifierLimit
C:\Users\win7\AppData\Local\Temp\Autodesk-WebInstall3StubGUI-execution.log
C:\Windows\system32\rsaenh.dll
C:\sample
\\.\Nsi
C:\Users\win7\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
C:\Users\win7\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
C:\Users\win7\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE
C:\Users\win7\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C46E7B0F942663A1EDC8D9D6D7869173_DF4CA81DC775CDA9B3214BDB5B55900E
C:\Users\win7\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\40C68D5626484A90937F0752C8B950AB
C:\
C:\Windows
C:\Users\win7\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
C:\Users\win7\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000008.db
C:\Users\win7\AppData\Local\Temp\nseBE2B.tmp\System.dll
C:\sample.config
C:\Users\win7\AppData\Local\Temp\toolbar_log.txt
1.215.2481.0_TO_1.215.2627.0_MPASDLTA.VDM._P
1.215.2481.0_TO_1.215.2627.0_MPAVDLTA.VDM._P
C:\Windows\Fonts\staticcache.dat
C:\Users\win7\AppData\Local\Temp\is-S66P9.tmp\_isetup\_setup64.tmp
C:\Users\win7\AppData\Local\Temp\is-S66P9.tmp\_isetup\_shfoldr.dll
C:\Users\desktop.ini
C:\Users
C:\Users\win7
C:\Users\win7\AppData
C:\Users\win7\AppData\Local\Zemana\Tracer\sample.trace
C:\Users\win7\AppData\Local\Temp\{882A187A-D51F-4652-9FB0-2AF3C9A36DCB}.cat
C:\Users\win7\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8890A77645B73478F5B1DED18ACBF795_E1EDEF0C21AE75D448F7327475DF4C9E
C:\Users\win7\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8890A77645B73478F5B1DED18ACBF795_DEE69D93E594A5FDFDC011ECAA8298A2
C:\Users\win7\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2659C1A560AB92C9C29D4B2B25815AE8
C:\Users\win7\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0270780F846F08BEFE0DD8112D932FEF
C:\Users\win7\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3781B4A3713292956206932165FA4132_EEDF05831C87F45FF7C351C81E35FA0B
C:\Users\win7\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3781B4A3713292956206932165FA4132_858B41199908939D4057DA237C57D76D
C:\Users\win7\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5781E92BE36651A8ED64685F2F3CF507
C:\Users\win7\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B3342430143A0BE2B139C3444FED0820
C:\Windows\System32\ntdll.dll
1.215.2624.0_TO_1.215.2653.0_MPASDLTA.VDM._P
1.215.2624.0_TO_1.215.2653.0_MPAVDLTA.VDM._P
C:\Windows\Temp\IntelChip\Chipins.log
config.json
C:\ucbrowsermd.pak
C:\Users\win7\AppData\Local\Temp\is-NRR02.tmp\_isetup\_setup64.tmp
C:\Users\win7\AppData\Local\Temp\is-NRR02.tmp\_isetup\_shfoldr.dll
C:\Users\win7\AppData\Local\Temp\is-5FTD6.tmp\_isetup\_setup64.tmp
C:\Users\win7\AppData\Local\Temp\is-5FTD6.tmp\_isetup\_shfoldr.dll
C:\Users\win7\AppData\Local\Temp\jusched.log
C:\Users\win7\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat
C:\Users\win7\AppData\Local\Temp\{9c620124-6fbe-49a4-9bd3-0a4457f57dc4}\.ba1\mbahost.dll
C:\Users\win7\AppData\Local\Temp\{9c620124-6fbe-49a4-9bd3-0a4457f57dc4}\.ba1\es\AdguardInstaller.resources.dll
C:\Users\win7\AppData\Local\Temp\{9c620124-6fbe-49a4-9bd3-0a4457f57dc4}\.ba1\sr\AdguardInstaller.resources.dll
C:\Users\win7\AppData\Local\Temp\{9c620124-6fbe-49a4-9bd3-0a4457f57dc4}\.ba1\BootstrapperCore.dll
C:\Users\win7\AppData\Local\Temp\{9c620124-6fbe-49a4-9bd3-0a4457f57dc4}\.ba1\mbapreq.dll
C:\Users\win7\AppData\Local\Temp\{9c620124-6fbe-49a4-9bd3-0a4457f57dc4}\.ba1\mbapreq.thm
C:\Users\win7\AppData\Local\Temp\{9c620124-6fbe-49a4-9bd3-0a4457f57dc4}\.ba1\mbapreq.png
C:\Users\win7\AppData\Local\Temp\{9c620124-6fbe-49a4-9bd3-0a4457f57dc4}\.ba1\mbapreq.wxl
C:\Users\win7\AppData\Local\Temp\{9c620124-6fbe-49a4-9bd3-0a4457f57dc4}\.ba1\1028\mbapreq.wxl
C:\Users\win7\AppData\Local\Temp\{9c620124-6fbe-49a4-9bd3-0a4457f57dc4}\.ba1\1029\mbapreq.wxl
C:\Users\win7\AppData\Local\Temp\{9c620124-6fbe-49a4-9bd3-0a4457f57dc4}\.ba1\1030\mbapreq.wxl
C:\Users\win7\AppData\Local\Temp\{9c620124-6fbe-49a4-9bd3-0a4457f57dc4}\.ba1\1031\mbapreq.wxl
C:\Users\win7\AppData\Local\Temp\{9c620124-6fbe-49a4-9bd3-0a4457f57dc4}\.ba1\1032\mbapreq.wxl
C:\Users\win7\AppData\Local\Temp\{9c620124-6fbe-49a4-9bd3-0a4457f57dc4}\.ba1\1035\mbapreq.wxl
C:\Users\win7\AppData\Local\Temp\{9c620124-6fbe-49a4-9bd3-0a4457f57dc4}\.ba1\1036\mbapreq.wxl
C:\Users\win7\AppData\Local\Temp\{9c620124-6fbe-49a4-9bd3-0a4457f57dc4}\.ba1\1038\mbapreq.wxl
C:\Users\win7\AppData\Local\Temp\{9c620124-6fbe-49a4-9bd3-0a4457f57dc4}\.ba1\1040\mbapreq.wxl
C:\Users\win7\AppData\Local\Temp\{9c620124-6fbe-49a4-9bd3-0a4457f57dc4}\.ba1\1041\mbapreq.wxl
C:\Users\win7\AppData\Local\Temp\{9c620124-6fbe-49a4-9bd3-0a4457f57dc4}\.ba1\1042\mbapreq.wxl
C:\Users\win7\AppData\Local\Temp\{9c620124-6fbe-49a4-9bd3-0a4457f57dc4}\.ba1\1043\mbapreq.wxl
C:\Users\win7\AppData\Local\Temp\{9c620124-6fbe-49a4-9bd3-0a4457f57dc4}\.ba1\1044\mbapreq.wxl
C:\Users\win7\AppData\Local\Temp\{9c620124-6fbe-49a4-9bd3-0a4457f57dc4}\.ba1\1045\mbapreq.wxl
C:\Users\win7\AppData\Local\Temp\{9c620124-6fbe-49a4-9bd3-0a4457f57dc4}\.ba1\1046\mbapreq.wxl
C:\Users\win7\AppData\Local\Temp\{9c620124-6fbe-49a4-9bd3-0a4457f57dc4}\.ba1\1049\mbapreq.wxl
C:\Users\win7\AppData\Local\Temp\{9c620124-6fbe-49a4-9bd3-0a4457f57dc4}\.ba1\1051\mbapreq.wxl
C:\Users\win7\AppData\Local\Temp\{9c620124-6fbe-49a4-9bd3-0a4457f57dc4}\.ba1\1053\mbapreq.wxl
C:\Users\win7\AppData\Local\Temp\{9c620124-6fbe-49a4-9bd3-0a4457f57dc4}\.ba1\1055\mbapreq.wxl
C:\Users\win7\AppData\Local\Temp\{9c620124-6fbe-49a4-9bd3-0a4457f57dc4}\.ba1\1060\mbapreq.wxl
C:\Users\win7\AppData\Local\Temp\{9c620124-6fbe-49a4-9bd3-0a4457f57dc4}\.ba1\2052\mbapreq.wxl
C:\Users\win7\AppData\Local\Temp\{9c620124-6fbe-49a4-9bd3-0a4457f57dc4}\.ba1\2070\mbapreq.wxl
C:\Users\win7\AppData\Local\Temp\{9c620124-6fbe-49a4-9bd3-0a4457f57dc4}\.ba1\3082\mbapreq.wxl
C:\Users\win7\AppData\Local\Temp\{9c620124-6fbe-49a4-9bd3-0a4457f57dc4}\.ba1\AdguardInstaller.dll
C:\Users\win7\AppData\Local\Temp\{9c620124-6fbe-49a4-9bd3-0a4457f57dc4}\.ba1\BootstrapperCore.config
C:\Users\win7\AppData\Local\Temp\{9c620124-6fbe-49a4-9bd3-0a4457f57dc4}\.ba1\ru\AdguardInstaller.resources.dll
C:\Users\win7\AppData\Local\Temp\{9c620124-6fbe-49a4-9bd3-0a4457f57dc4}\.ba1\de\AdguardInstaller.resources.dll
C:\Users\win7\AppData\Local\Temp\{9c620124-6fbe-49a4-9bd3-0a4457f57dc4}\.ba1\pt\AdguardInstaller.resources.dll
C:\Users\win7\AppData\Local\Temp\{9c620124-6fbe-49a4-9bd3-0a4457f57dc4}\.ba1\ja\AdguardInstaller.resources.dll
C:\Users\win7\AppData\Local\Temp\{9c620124-6fbe-49a4-9bd3-0a4457f57dc4}\.ba1\BootstrapperApplicationData.xml
C:\Users\win7\AppData\Local\Temp\Adguard_20160323194515.log
\\.\pipe\BurnPipe.{344CDA8B-C287-4C0F-9A91-76227F5A80C1}
C:\Users\win7\AppData\Local\Temp\Setup_20160323194515_Failed.txt
\\.\PIPE\wkssvc
C:\C:\sample
C:\Users\win7\AppData\Local\Temp\ptn47AC.tmp
C:\Users\win7\AppData\Local\Temp\is-UAE11.tmp\_isetup\_RegDLL.tmp
C:\Users\win7\AppData\Local\Temp\is-UAE11.tmp\_isetup\_setup64.tmp
C:\Users\win7\AppData\Local\Temp\is-UAE11.tmp\_isetup\_shfoldr.dll
C:\Users\win7\AppData\Local\Temp\CR_7CD65.tmp\CHROME_PATCH.PACKED.7Z
C:\Users\win7\AppData\Local\Temp\CR_7CD65.tmp\SETUP_PATCH.PACKED.7Z
C:\Windows\system32\en-US\erofflps.txt
C:\Users\win7\AppData\Local\Temp\WERDE6A.tmp.WERInternalMetadata.xml
C:\Users\win7\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DB87D2AB058205E5452E4516D5631B
C:\Users\win7\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3151BAC9462B3E2DEE2326609B77DE7E
C:\Users\win7\AppData\Local\Temp\CR_49B0D.tmp\CHROME_PATCH.PACKED.7Z
C:\Users\win7\AppData\Local\Temp\CR_49B0D.tmp\SETUP_PATCH.PACKED.7Z
C:\Users\win7\AppData\Local\IconCache.db
\??\C:\Windows\system32\EhStorShell.dll
\??\C:\Windows\system32\ntshrui.dll
\\.\PIPE\srvsvc
C:\Users\win7\AppData\Local
C:\Users\win7\AppData\Local\Microsoft
C:\Users\win7\AppData\Local\Microsoft\Windows
C:\Users\win7\AppData\Local\Microsoft\Windows\History\desktop.ini
C:\Users\win7\AppData\Roaming
C:\Users\win7\AppData\Roaming\Microsoft\desktop.ini
C:\Users\win7\AppData\Roaming\Microsoft
C:\Users\win7\AppData\Roaming\Microsoft\Windows
C:\Users\win7\Favorites\desktop.ini
\\.\aswSP_Handler
\\.\ASWSP_Open
\\.\ASWSP
C:\Users\win7\AppData\Local\GDIPFONTCACHEV1.DAT
C:\WINDOWS\FONTS\TIMES.TTF
C:\WINDOWS\FONTS\TIMESBD.TTF
C:\WINDOWS\FONTS\TIMESI.TTF
C:\WINDOWS\FONTS\TIMESBI.TTF
\??\C:\Windows\system32\NetworkExplorer.dll
\\.\C:\ProgramData\AVAST Software\Persistent Data\Avast\Logs\Setup.log
\\.\aswSP
\\.\C:\ProgramData\AVAST Software\Persistent Data\Avast\Reboot.txt
C:\Users\win7\AppData\Local\Temp\SWI4AF4.tmp
C:\test\deldir\www.txt
\??\C:\Windows\SysWOW64\ieframe.dll
C:\Program Files\desktop.ini
C:\Program Files
C:\Program Files\Internet Explorer
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\win7\AppData\Local\Temp
C:\Users\win7\Searches\desktop.ini
C:\Users\win7\Videos\desktop.ini
C:\Users\win7\Contacts\desktop.ini
C:\Users\win7\Downloads\desktop.ini
C:\Users\win7\AppData\Roaming\360SE\data\superguard_1.dat
C:\Users\win7\AppData\Roaming\360SE\data\unsa.ini
C:\Users\win7\AppData\Roaming\360SE\apps\ExtSmartWiz\ExtSmartWiz.dll
C:\360live.dll
C:\LoginEnrol\LoginEnrol.dll
\\.\PhysicalDrive0
\\.\{CFE68B1E-656A-488B-8077-738CA67BA3A5}
C:\Users\win7\AppData\Roaming\360SE\data\user.dat
C:\Windows\SysWOW64\ieframe.dll
C:\Windows\SysWOW64\stdole2.tlb
C:\SafeCentral\SafeCentral.dll
C:\adfilter.dll
C:\Users\win7\AppData\Local\Temp\twC0B0.tmp
C:\Users\win7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H0G27RVV\welcome5[1].htm
1.215.2642.0_TO_1.215.2770.0_MPASDLTA.VDM._P
1.215.2642.0_TO_1.215.2770.0_MPAVDLTA.VDM._P
C:\plsqldev.x
C:\params.ini
C:\Import\import.files
C:\Preferences\win7\default.ini
C:\Policies.cfg
C:\ReportStyles.lib
C:\Macro\win7.lib
C:\custom.kwf
winmgmts:{impersonationLevel=impersonate}!//WIN7-PC/root/cimv2
C:\Windows\system32\wbem\wbemdisp.TLB
C:\Users\win7\AppData\Local\Temp\autB94A.tmp
C:\Users\win7\AppData\Local\Temp\ResetBrowser\firefox.bmp
C:\Users\win7\AppData\Local\Temp\autB94B.tmp
C:\Users\win7\AppData\Local\Temp\ResetBrowser\chrome.bmp
C:\Users\win7\AppData\Local\Temp\autB94C.tmp
C:\Users\win7\AppData\Local\Temp\ResetBrowser\internetexplorer.bmp
C:\Users\win7\AppData\Local\Temp\autB94D.tmp
C:\Users\win7\AppData\Local\Temp\ResetBrowser\resetbrowser.jpg
C:\Users\win7\AppData\Local\Temp\\~DF4EDCD0FF9F3DF519.TMP
winmgmts:{impersonationLevel=impersonate}!root/default:SystemRestore
Software\Microsoft\Cryptography\Wintrust\Config
System\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}
Software\Microsoft\Windows\CurrentVersion
Software\Microsoft\.NETFramework\Policy\
v2.0
Software\Microsoft\.NETFramework
Upgrades
Standards
AppPatch
Software\Microsoft\.NETFramework\Policy\Standards
v4.0.30319
Software\Microsoft\.NETFramework\Policy\Upgrades
Software\AVG\AV
Software\AVG\Avg2017
Software\AVG\Avg2016
Software\AVG\Avg2015
Software\AVG\Avg2014
Software\AVG\Avg2013
Software\AVG\Avg2012
Software\AVG\Avg10
Software\AVG\Avg9
Software\AVG\Avg8
Software\DeviceVM\MDES\
SOFTWARE\Microsoft\MpSigStub
SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
Tahoma
Software\CodeGear\Locales
Software\Borland\Locales
Software\Borland\Delphi\Locales
SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
System\CurrentControlSet\Control\Keyboard Layouts\041F0409
System\CurrentControlSet\Control\Keyboard Layouts\04090409
SOFTWARE\Microsoft\Windows NT\CurrentVersion
System\CurrentControlSet\Control
Software\Microsoft\RestartManager
MS Sans Serif
Verdana
Software\Microsoft\Windows\CurrentVersion\Uninstall\{20379D3A-321B-4830-96A6-37183B713AE8}_is1
Software\Embarcadero\Locales
ThemeManager
SOFTWARE\ZmnGlobalSDK
SOFTWARE\Microsoft\OLEAUT
Software\Microsoft\Windows\CurrentVersion\Setup
system\CurrentControlSet\control\NetworkProvider\HwOrder
Software\Microsoft\COM3
CLSID\{770AD11D-C619-40D9-91CB-D331D360E741}
Software\Microsoft\OLE
Software\Microsoft\Rpc
Software\Policies\Microsoft\Windows NT\Rpc
AppID\sample
Software\Microsoft\OLE\AppCompat
SOFTWARE\Microsoft\OLE
SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider
Software\Policies\Microsoft\Cryptography
Software\Microsoft\Cryptography
Software\Microsoft\Cryptography\Offload
Interface\{00000134-0000-0000-C000-000000000046}
ProxyStubClsid32
SYSTEM\CurrentControlSet\Services\BFE
Software\Policies\Microsoft\Windows\App Management
SOFTWARE\Microsoft\CTF\Compatibility\sample
Software\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}
SOFTWARE\Microsoft\CTF\TIP\
{0000897b-83df-4b96-be07-0fb58b01c4a4}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
{03B5835F-F03C-411B-9CE2-AA23E1171E36}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
{07EB03D6-B001-41DF-9192-BF9B841EE71F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
{3697C5FA-60DD-4B56-92D4-74A569205C16}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
{AE6BE008-07FB-400D-8BEB-337A64F7051F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
Keyboard Layout\Toggle
Software\Microsoft\CTF\DirectSwitchHotkeys
SOFTWARE\Microsoft\CTF\
SOFTWARE\Microsoft\CTF\KnownClasses
Software\Microsoft\CTF\LayoutIcon\0409\0000041f
SYSTEM\CurrentControlSet\Control\FileSystem
SOFTWARE\COMODO\CCAV\DbgTrace\
SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full
Software\Microsoft\Windows\CurrentVersion\Uninstall\Kernel OST Viewer_is1
SOFTWARE\JavaSoft\Java Web Start
SOFTWARE\JavaSoft\Java Update\Policy
Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
Software\Microsoft\Internet Explorer\Main\FeatureControl
FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
RETRY_HEADERONLYPOST_ONCONNECTIONRESET
FEATURE_MIME_HANDLING
FEATURE_BYPASS_CACHE_FOR_CREDPOLICY_KB936611
FEATURE_IGNORE_MAPPINGS_FOR_CREDPOLICY
FEATURE_INCLUDE_PORT_IN_SPN_KB908209
FEATURE_BUFFERBREAKING_818408
FEATURE_SKIP_POST_RETRY_ON_INTERNETWRITEFILE_KB895954
FEATURE_FIX_CHUNKED_PROXY_SCRIPT_DOWNLOAD_KB843289
FEATURE_USE_CNAME_FOR_SPN_KB911149
FEATURE_PERMIT_CACHE_FOR_AUTHENTICATED_FTP_KB910274
FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK
FEATURE_DISALLOW_NULL_IN_RESPONSE_HEADERS
FEATURE_DIGEST_NO_EXTRAS_IN_URI
FEATURE_ENABLE_PASSPORT_SESSION_STORE_KB948608
FEATURE_EXCLUDE_INVALID_CLIENT_CERT_KB929477
FEATURE_USE_UTF8_FOR_BASIC_AUTH_KB967545
FEATURE_RETURN_FAILED_CONNECT_CONTENT_KB942615
FEATURE_PRESERVE_SPACES_IN_FILENAMES_KB952730
FEATURE_ENABLE_PROXY_CACHE_REFRESH_KB2983228
Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Software\Microsoft\Windows\CurrentVersion\Internet Settings
Software\Policies
Software
Software\Policies\Microsoft\Internet Explorer
SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
FEATURE_DISABLE_NOTIFY_UNVERIFIED_SPN_KB2385266
FEATURE_COMPAT_USE_CONNECTION_BASED_NEGOTIATE_AUTH_KB2151543
FEATURE_SCH_SEND_AUX_RECORD_KB_2618444
Software\Microsoft\Internet Explorer\Main
Software\Policies\Microsoft\Internet Explorer\Main
Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad
System\Setup
.DEFAULT
S-1-5-19
S-1-5-20
S-1-5-21-3979321414-2393373014-2172761192-1000
S-1-5-21-3979321414-2393373014-2172761192-1000_Classes
S-1-5-18
JavaSoft
Java Runtime Environment
SOFTWARE\Microsoft\Internet Explorer
SOFTWARE\Policies\Microsoft\Windows\Installer
Software\Microsoft\Windows\CurrentVersion\Uninstall\Okey+_is1
Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
Software\Microsoft\Windows\Windows Error Reporting\Debug
Software\Microsoft\Windows\Windows Error Reporting
Software\Policies\Microsoft\Windows\Windows Error Reporting
Consent
ExcludedApplications
DebugApplications
SOFTWARE\Microsoft\Reliability Analysis\RAC
SYSTEM\CurrentControlSet\Control\SystemInformation
SYSTEM\CurrentControlSet\Control\Windows
Software\Microsoft\Windows\CurrentVersion\CEIPRole\RolesInWER
Software\Alastria Software\7stacks\Preferences
Software\Alastria Software\7stacks\JumplistData
Software\Alastria Software\7stacks\StacksOpen
Software\AVAST Software\Avast
SOFTWARE\Freedom Scientific\JAWS
SOFTWARE\NVDA
Software\ALWIL Software\Avast
Software\ALWIL Software\Avast\5.0
Software\ALWIL Software\Avast\4.0
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Software\Microsoft\Windows\CurrentVersion\Policies\Network
Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32
software
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562
Software\Microsoft\Windows\CurrentVersion\Explorer\KindMap
FEATURE_IGNORE_POLICIES_ZONEMAP_IF_ESC_ENABLED_KB918915
FEATURE_ZONES_CHECK_ZONEMAP_POLICY_KB941001
Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
FEATURE_INITIALIZE_URLACTION_SHELLEXECUTE_TO_ALLOW_KB936610
Microsoft\Internet Explorer\Security
Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
FEATURE_LOCALMACHINE_LOCKDOWN
FEATURE_ZONES_DEFAULT_DRIVE_INTRANET_KB941000
FEATURE_PROTOCOL_LOCKDOWN
software\360\360se5\default\dlloption
Microsoft\Internet Explorer\Low Rights
Software\Microsoft\Windows\CurrentVersion\Policies\System
Software\Microsoft\Internet Explorer\Low Rights
SOFTWARE\Microsoft\BidInterface\Loader
SOFTWARE\ODBC\ODBC.INI\ODBC
SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards
FEATURE_WEBOC_GLOBAL_WINLIST
SOFTWARE\Microsoft\Internet Explorer\MAIN
FEATURE_IEDDE_REGISTER_PROTOCOL
Software\Microsoft\Internet Explorer\MediaTypeClass
Software\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents
FEATURE_BROWSER_COMPATDATA
FEATURE_BROWSER_EMULATION
Software\Policies\Microsoft\Internet Explorer\BrowserEmulation\QuirksPolicyList
Software\Policies\Microsoft\Internet Explorer\BrowserEmulation
Software\Microsoft\Internet Explorer\BrowserEmulation
FEATURE_DISABLE_INTERNAL_SECURITY_MANAGER
Software\360\360se5\default\LastUrls
Software\360\360se5\default\Search
SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent
Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Pre Platform
Post Platform
Software\Policies\Microsoft\PeerDist\Service
Software\Microsoft\Windows NT\CurrentVersion\PeerDist\Service
FEATURE_USE_IETLDLIST_FOR_DOMAIN_DETERMINATION
Precise Detectors Analysis Results
No Detector Result Received
Advanced Heuristics
No Advanced Heuristic Analysis Result Received
Human Expert Analysis Results
Analysis Start Date:   2016-09-05 16:46:19.697615
Analysis End Date:  2016-09-06 11:36:44.833758
File Upload Date:  2016-03-24 06:51:37.340358
Update Date:  2016-09-06 11:36:44.840367
Human Expert Analyst Feedback:   None
Verdict:   Clean
Additional File Information
Property | Value |
---|---|
Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
---|---|---|---|---|---|