Analyzing...
|
File Name:   65a02cfee3e5b1b563e5440fb14ee526
SHA1:   ec7a62644f8c2993585ca5ab8b7ff4af2b502958
MD5:   65a02cfee3e5b1b563e5440fb14ee526
First Seen Date:  2015-10-31 15:09:57.434000 ( )
Number of Clients Seen:   6
Last Analysis Date:  2016-04-09 03:37:35.698853 ( )
Human Expert Analysis Result:   No human expert analysis verdict given to this sample yet.
Analysis Summary
Analysis Type | Date | Verdict | |
---|---|---|---|
Signature Based Detection | 2016-04-09 03:37:35.698853 | Malware | |
Static Analysis Overall Verdict | 2016-04-09 03:37:35.698853 | No Threat Found | help |
Dynamic Analysis Overall Verdict | 2016-04-09 03:37:35.698853 | No Threat Found | help |
Static Analysis
Static Analysis Overall Verdict | Result |
---|---|
No Threat Found | help |
Detector | Result | |
---|---|---|
Optional Header LoaderFlags field is valued illegal | Clean | |
Non-ascii or empty section names detected | Clean | |
Illegal size of optional Header | Clean | |
Packer detection on signature database | Unknown | help |
Based on the sections entropy check! file is possibly packed | Suspicious | |
Timestamp value suspicious | Suspicious | |
Header Checksum is zero! | Suspicious | |
Enrty point is outside the 1st(.code) section! Binary is possibly packed | Suspicious | |
Optional Header NumberOfRvaAndSizes field is valued illegal | Clean | |
Anti-vm present | Clean | |
The Size Of Raw data is valued illegal! Binary might crash your disassembler/debugger | Clean | |
TLS callback functions array detected | Clean |
Packer detection on signature database
UPX v0.89.6 - v1.02 / v1.05 - v1.22 DLL
Dynamic Analysis
Dynamic Analysis Overall Verdict | Result |
---|---|
No Threat Found | help |
Suspicious Behaviors | |
---|---|
Has no visible windows |
Behavioral Information
C:\Users\win7\AppData\Local\Temp\EC33651E57AF5E114A96800072B0B333\SETUP.DLL
OLEACCRC.DLL
UxTheme.dll
C:\Windows\system32\dwmapi.dll
DbgHelp.dll
KERNEL32.DLL
C:\Users\win7\AppData\Local\Temp\EC33651E57AF5E114A96800072B0B333\SETUPENU.dll
C:\Users\win7\AppData\Local\Temp\EC33651E57AF5E114A96800072B0B333\SETUPLOC.dll
C:\Windows\system32\jscript9.dll
CRYPTSP.dll
ADVAPI32.dll
CRYPTBASE.dll
comctl32.dll
user32
C:\Windows\system32\ole32.dll
C:\Windows\syswow64\MSCTF.dll
kernel32.dll
api-ms-win-downlevel-shlwapi-l2-1-0.dll
urlmon.dll
api-ms-win-downlevel-ole32-l1-1-0.dll
ole32.dll
OLEAUT32.dll
Secur32.dll
MSHTML.dll
shell32.dll
API-MS-Win-Security-LSALookup-L1-1-0.dll
OLEAUT32.DLL
mshtml.dll
SHELL32.dll
api-ms-win-downlevel-advapi32-l2-1-0.dll
IEFRAME.dll
user32.dll
msls31.dll
d2d1.dll
DWrite.dll
dxgi.dll
C:\DXGIDebug.dll
C:\Windows\system32\DXGIDebug.dll
gdi32.dll
setupapi.dll
API-MS-Win-Core-LocalRegistry-L1-1-0.dll
WINTRUST.dll
d3d11.dll
D3D10Warp.dll
C:\Windows\system32\D3D10Warp.dll
C:\Windows\system32\Msimtf.dll
MLANG.dll
PROPSYS.dll
propsys.dll
WININET.dll
ntdll.dll
ntmarta.dll
Shell32.dll
API-MS-WIN-DOWNLEVEL-SHLWAPI-L1-1-0.DLL
WINMM.dll
C:\Windows\system32\WINMM.dll
API-MS-WIN-Service-Management-L1-1-0.dll
API-MS-WIN-Service-winsvc-L1-1-0.dll
RPCRT4.dll
MMDevAPI.DLL
wdmaud.drv
MMDEVAPI.DLL
SETUPAPI.dll
SHLWAPI.dll
AUDIOSES.DLL
WS2_32.dll
winhttp.dll
msacm32.drv
midimap.dll
IPHLPAPI.DLL
UIAutomationCore.dll
CFGMGR32.dll
api-ms-win-core-winrt-l1-1-0.dll
C:\Windows\System32\msxml3r.dll
SXS.DLL
olepro32.dll
URLMON.DLL
IMM32.dll
imageres.dll
C:\sample
NSSearch.dll
KERNEL32.dll
POWRPROF.dll
dbghelp.dll
VERSION.dll
USER32.dll
GDI32.dll
DNSAPI.dll
imm32.dll
C:\RaWLAPI.dll
api-ms-win-core-synch-l1-2-0
kernel32
api-ms-win-core-fibers-l1-1-1
advapi32
api-ms-win-core-localization-l1-2-1
SspiCli.dll
api-ms-win-appmodel-runtime-l1-1-1
ext-ms-win-kernel32-package-current-l1-1-0
advapi32.dll
mpr.dll
oleaut32.dll
version.dll
wininet.dll
wsock32.dll
uxtheme.dll
Urlmon.dll
Advapi32.dll
COMCTL32
KERNEL32
msi.dll
CRYPT32.dll
USERENV.dll
dhcpcsvc.DLL
Comctl32.dll
C:\Windows\system32\ws2_32
secur32.dll
ncrypt.dll
C:\Windows\SysWOW64\bcryptprimitives.dll
API-MS-Win-Security-SDDL-L1-1-0.dll
cryptnet.dll
C:\Windows\system32\cryptnet.dll
SensApi.dll
WINHTTP.dll
NSI.dll
API-MS-WIN-Service-Management-L2-1-0.dll
profapi.dll
Cabinet.dll
DEVRTL.dll
C:\Windows\System32\shdocvw.dll
C:\Users\win7\AppData\Local\Temp\is-MGUDK.tmp\_isetup\_shfoldr.dll
shfolder.dll
Rstrtmgr.dll
C:\Windows\system32\imageres.dll
C:\Windows\system32\shell32.dll
C:\Windows\system32\shlwapi.dll
C:\Users\win7\AppData\Local\Temp\is-0777I.tmp\_isetup\_shfoldr.dll
C:\Windows\system32\ExplorerFrame.dll
OLEAUT32
C:\Users\win7\AppData\Local\Temp\is-PRQN2.tmp\_isetup\_shfoldr.dll
winmm.dll
C:\Users\win7\AppData\Local\Temp\is-PRQN2.tmp\innocallback.dll
C:\Users\win7\AppData\Local\Temp\is-PRQN2.tmp\innocallback.ENU
C:\Users\win7\AppData\Local\Temp\is-PRQN2.tmp\innocallback.EN
C:\Users\win7\AppData\Local\Temp\is-PRQN2.tmp\IsProgressBar.dll
C:\Users\win7\AppData\Local\Temp\is-PRQN2.tmp\IsProgressBar.ENU
C:\Users\win7\AppData\Local\Temp\is-PRQN2.tmp\IsProgressBar.EN
C:\Users\win7\AppData\Local\Temp\is-PRQN2.tmp\ISDone.dll
C:\Users\win7\AppData\Local\Temp\is-PRQN2.tmp\isskin.dll
C:\Windows\system32\odbcint.dll
MSVCRT.DLL
C:\Users\win7\AppData\Local\Temp\is-KJ1LK.tmp\sample.tmp
UXTHEME.DLL
PSAPI.DLL
C:\Users\win7\AppData\Local\Temp\is-PRQN2.tmp\CoopLand.cjstyles
msimg32.dll
C:\Users\win7\AppData\Local\Temp\is-PRQN2.tmp\botva2.dll
GDIPlus
WindowsCodecs.dll
BrLogAPI.dll
BrDbgOut.dll
BrDbgOtW.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
mscoree.dll
ntdll
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
RichEd20.dll
mscorsec.dll
WINTRUST.DLL
C:\Windows\syswow64\CRYPT32.dll
imagehlp.dll
bcrypt.dll
ADVAPI32.DLL
C:\Users\win7\AppData\Local\Temp\is-DG1SO.tmp\sample.ENU
C:\Users\win7\AppData\Local\Temp\is-DG1SO.tmp\sample.EN
C:\Users\win7\AppData\Local\Temp\is-IITFE.tmp\_isetup\_shfoldr.dll
MSFTEDIT.DLL
Msi.DLL
C:\Windows\SysWOW64\OLE32.DLL
RICHED20.DLL
COMCTL32.dll
gdiplus.dll
MSIMG32.dll
Msftedit.dll
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48\gdiplus.dll
C:\Windows\SysWOW64\ieframe.dll
iertutil.dll
DUser.dll
C:\Windows\system32\DUser.dll
dwmapi.dll
C:\Windows\system32\xmllite.dll
Riched20.dll
C:\Windows\SysWOW64\msls31.dll
comdlg32.dll
msvcrt.dll
shlwapi.dll
COMDLG32.dll
ws2_32.dll
inetmib1.dll
snmpapi.dll
rpcrt4.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
AdvApi32.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\908ba9e296e92b4e14bdc2437edac603\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\12dc10e5c0e8d176cf21a16a6fc5fc3b\Microsoft.VisualBasic.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5a401fd2a7689ff13fb54182953f9c40\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6949c4470a81970ec3de0a575d93babc\System.Windows.Forms.ni.dll
SHFOLDER
wtsapi32.dll
WINSTA.dll
advpack.dll
SPINF.dll
SPFILEQ.dll
C:\Windows\system32\directx\websetup\dsetup.dll
C:\Windows\system32\directx\websetup\dsetup32.dll
C:\Users\win7\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
C:\Windows\system32\DirectX\WebSetup\dsetup.dll
C:\Windows\system32\DirectX\WebSetup\DSETUP32.DLL
C:\Windows\system32\ntkrnlpa.exe
C:\Users\win7\AppData\Local\Temp\nsoFA01.tmp\System.dll
C:\Users\win7\AppData\Local\Temp\nsoFA01.tmp\UAC.dll
AdvAPI32
SECUR32
RichEd20
C:\Users\win7\AppData\Local\Temp\nsoFA01.tmp\InstallOptions.dll
C:\Users\win7\AppData\Local\Temp\nssDF7A.tmp\System.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\63e9d5c341d64a753cde97f5a3d65c71\System.Core.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\aed7d83172e09689d6aac4c4e91d57c7\System.Xml.Linq.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49908aa93a23c84847b1f8b1b667860\System.Xml.ni.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Gdiplus.dll
oleaut32
C:\Windows\Microsoft.NET\Framework\v2.0.50727\OLEAUT32.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\en-US\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\en\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
C:\Windows\system32\clusapi.dll
feclient.dll
C:\Users\win7\AppData\Local\Temp\nseB805.tmp\UserInfo.dll
C:\Users\win7\AppData\Local\Temp\nseB805.tmp\System.dll
C:\Users\win7\AppData\Local\Temp\nseB805.tmp\ZipDLL.dll
C:\sampleENU.dll
C:\sampleLOC.dll
C:\Users\win7\AppData\Local\Temp\{EEBFACC9-3DF6-45B1-A3C3-2B970F901B87}\_Setup.dll
C:\Users\win7\AppData\Local\Temp\{EEBFACC9-3DF6-45B1-A3C3-2B970F901B87}\Disk1\ISSetup.dll
C:\Users\win7\AppData\Local\Temp\{29BF08D8-5EBF-4BBB-8889-EB06CD44EEA7}\{B7D28AE1-631E-4C83-9524-B52CC928061B}\ISRT.dll
RICHED32.DLL
C:\Users\win7\AppData\Local\Temp\{29BF08D8-5EBF-4BBB-8889-EB06CD44EEA7}\{B7D28AE1-631E-4C83-9524-B52CC928061B}\_isres.dll
C:\Windows\system32\AppHelp.dll
C:\Users\win7\AppData\Local\Temp\{EEBFACC9-3DF6-45B1-A3C3-2B970F901B87}\Disk1\data1.hdr
NTDLL
WINSPOOL.DRV
oledlg.dll
OLEACC.dll
dnsapi.dll
C:\Users\win7\AppData\Local\Temp\nsn92D7.tmp\TvGetVersion.dll
C:\Users\win7\AppData\Local\Temp\nsn92D7.tmp\UserInfo.dll
C:\Users\win7\AppData\Local\Temp\nsn92D7.tmp\System.dll
C:\Users\win7\AppData\Local\Temp\nsn92D7.tmp\InstallOptions.dll
C:\Users\win7\AppData\Local\Temp\nsn92D7.tmp\linker.dll
dwmapi
C:\PYTHON27.DLL
pythondll
C:\Windows\system32\psapi.dll
C:\Windows\system32\WindowsCodecs.dll
C:\Windows\system32\bcrypt.dll
C:\Windows\system32\msi.dll
C:\Windows\system32\USP10.dll
C:\Windows\system32\msls31.dll
C:\Windows\system32\version.dll
C:\Windows\system32\mpr.dll
C:\Windows\system32\uxtheme.dll
C:\Windows\system32\profapi.dll
C:\Windows\system32\gdiplus.dll
C:\Windows\system32\userenv.dll
C:\Windows\system32\davhlpr.dllole32.dll
C:\Windows\system32\oleaut32.dll
C:\Windows\system32\comctl32.dll
C:\Windows\system32\advapi32.dll
C:\Windows\system32\gdi32.dll
C:\Windows\system32\user32.dll
C:\Windows\system32\comdlg32.dll
C:\Windows\system32\msimg32.dll
C:\Windows\system32\dbghelp.dll
C:\Windows\system32\wininet.dll
C:\Windows\system32\urlmon.dll
C:\Windows\system32\cabinet.dll
C:\Windows\system32\kernel32.dll
C:\Windows\system32\propsys.dll
C:\Windows\system32\rsaenh.dll
C:\Windows\system32\apphelp.dll
C:\Windows\system32\msasn1.dll
C:\Windows\system32\crypt32.dll
C:\Windows\system32\wintrust.dll
C:\Windows\system32\lpk.dll
C:\Windows\system32\setupapi.dll
C:\Windows\system32\usp10.dll
C:\Windows\system32\msihnd.dll
C:\Windows\system32\shcore.dll
C:\Windows\system32\cryptsp.dll
C:\Windows\system32\secur32.dll
C:\Windows\system32\RICHED20.DLL
atlthunk.dll
ComCtl32.dll
C:\Windows\system32\asycfilt.dll
C:\Windows\system32\UXTHEME.dll
C:\Windows\system32\USERENV.dll
C:\Windows\system32\SETUPAPI.dll
C:\Windows\system32\SHFOLDER.dll
C:\Users\win7\AppData\Local\Temp\is-0FNFJ.tmp\_isetup\_shfoldr.dll
C:\Users\win7\AppData\Local\Temp\GUMFD91.tmp\goopdate.dll
cscapi.dll
C:\Users\win7\AppData\Local\Temp\GUMFD91.tmp\goopdateres_en.dll
mswsock.dll
Kernel32.dll
User32.dll
C:\Users\win7\AppData\Local\Temp\is-J5296.tmp\_isetup\_shfoldr.dll
winspool.drv
C:\Users\win7\AppData\Local\Temp\is-EA61V.tmp\_isetup\_shfoldr.dll
C:\Users\win7\AppData\Local\Temp\is-EA61V.tmp\ISDone.dll
C:\Users\win7\AppData\Local\Temp\is-EA61V.tmp\b2p.dll
C:\Users\win7\AppData\Local\Temp\is-EA61V.tmp\botva2.dll
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48\GDIPlus.DLL
ieframe.dll
C:\Users\win7\AppData\Local\Temp\is-36MB5.tmp\_isetup\_shfoldr.dll
msacm32.dll
userenv.dll
security.dll
SHELL32
C:\Users\win7\AppData\Local\Temp\is-U88L8.tmp\sample.ENU
C:\Users\win7\AppData\Local\Temp\is-U88L8.tmp\sample.EN
C:\Users\win7\AppData\Local\Temp\is-S0E0Q.tmp\_isetup\_shfoldr.dll
C:\Users\win7\AppData\Local\Temp\is-S0E0Q.tmp\InstallerExtensions.dll
C:\Windows\SysWOW64\KERNEL32.DLL
C:\Windows\SysWOW64\VERSION.DLL
C:\Windows\SysWOW64\msi.dll
C:\Windows\system32\KERNEL32.DLL
C:\Windows\system32\NTDLL.DLL
C:\Windows\system32\ADVAPI32.DLL
C:\Users\win7\AppData\Local\Temp\OIC939.tmp
uxtheme
C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1163633.exe
RstrtMgr.dll
C:\Windows\system32\Adobe\Director\SwDir.dll
C:\Windows\system32\UxTheme.dll
C:\Windows\system32\Kernel32.dll
\\?\C:\Users\win7\AppData\Local\Temp\{93801939-3F36-4626-A1E1-1CA7080BACF9}\1033.dll
C:\Users\win7\AppData\Local\Temp\is-EIV1M.tmp\sample.ENU
C:\Users\win7\AppData\Local\Temp\is-EIV1M.tmp\sample.EN
C:\Users\win7\AppData\Local\Temp\is-CEUPE.tmp\_isetup\_shfoldr.dll
C:\Users\win7\AppData\Local\Temp\is-CEUPE.tmp\ISDone.dll
C:\Users\win7\AppData\Local\Temp\is-CEUPE.tmp\isSlideShow.dll
C:\Users\win7\AppData\Local\Temp\is-CEUPE.tmp\isSlideShow.ENU
C:\Users\win7\AppData\Local\Temp\is-CEUPE.tmp\isSlideShow.EN
C:\Users\win7\AppData\Local\Temp\is-CEUPE.tmp\CallbackCtrl.dll
Kernel32.DLL
SHFolder.dll
C:\Users\win7\AppData\Local\Temp\{91861EC7-F2DE-471F-9B98-7BDDD1E9F0B3}\ISSetup.dll
Ntdll.dll
C:\Windows\SysWOW64\TSAPPCMP.DLL
C:\Windows\SysWOW64\SHLWAPI.DLL
C:\Windows\SysWOW64\ADVAPI32.DLL
MsiMsg.dll
C:\Windows\SysWOW64\APPHELP.DLL
C:\Windows\SysWOW64\sxs.DLL
C:\Windows\SysWOW64\MSCOREE.DLL
C:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
C:\Windows\SysWOW64\SHELL32.DLL
C:\Windows\SysWOW64\NTDLL.DLL
APPHELP.DLL
C:\Windows\Downloaded Installations\{60A8F8BC-DC88-4903-993D-5E35050884FE}\LockKey.msi
C:\Windows\system32\DSOUND.DLL
HID.DLL
SETUPAPI.DLL
WINMM.DLL
USER32.DLL
VBoxDisp.dll
mscat32.dll
wintrust.dll
Kernel32
C:\Users\win7\AppData\Local\Temp\is-9CQTD.tmp\sample.ENU
C:\Users\win7\AppData\Local\Temp\is-9CQTD.tmp\sample.EN
C:\Users\win7\AppData\Local\Temp\is-54OJ8.tmp\_isetup\_shfoldr.dll
C:\Users\win7\AppData\Local\Temp\is-54OJ8.tmp\VclStylesInno.dll
C:\Users\win7\AppData\Local\Temp\is-54OJ8.tmp\ISDone.dll
C:\Users\win7\AppData\Local\Temp\is-54OJ8.tmp\BASS.dll
C:\Users\win7\AppData\Local\Temp\is-54OJ8.tmp\bp.dll
C:\Users\win7\AppData\Local\Temp\is-54OJ8.tmp\bp.ENU
C:\Users\win7\AppData\Local\Temp\is-54OJ8.tmp\bp.EN
C:\Users\win7\AppData\Local\Temp\is-51SAI.tmp\_isetup\_shfoldr.dll
USP10.dll
KBHOOK.dll
C:\Windows\system32\wbem\xml\wmi2xml.dll
C:\Users\win7\AppData\Local\CatalinaGroup\Update\1.3.25.223\goopdate.dll
C:\Users\win7\AppData\Local\CatalinaGroup\Update\1.3.25.223\psuser.dll
iphlpapi.dll
NETAPI32.dll
C:\Windows\system32\msvcrtd.dll
C:\Windows\system32\ws2_32.dll
C:\Windows\system32\iphlpapi.dll
HHCtrl.OCX
C:\Users\win7\AppData\Local\Temp\is-V3MNC.tmp\_isetup\_shfoldr.dll
C:\Windows\system32\sfc.dll
C:\Users\win7\AppData\Local\Temp\Opera_installer_20164511991.dll
ntshrui.dll
srvcli.dll
slc.dll
netutils.dll
HydraEnu.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\4fddb3cf84aed83214f65fbe791348e5\Microsoft.PowerShell.ConsoleHost.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\24f3f84b0793777ae7337796ef5551a5\System.Management.Automation.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll
psapi.dll
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ntdll.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\1a6d99549254a6a0dbac7b728f3e010b\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\30280e5e7d89ffe702df50de4d339fc7\System.Configuration.Install.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\34420c5bbb60572350b8af1a12d94451\Microsoft.WSMan.Management.ni.dll
C:\Users\win7\AppData\Local\Temp\nsi6885.tmp\IpConfig.dll
C:\Users\win7\AppData\Local\Temp\nsi6885.tmp\NSISEncrypt.dll
C:\Users\win7\AppData\Local\Temp\nsi6885.tmp\WmiInspector.dll
C:\Users\win7\AppData\Local\Temp\nsi6885.tmp\inetc.dll
C:\Users\win7\AppData\Local\Temp\nsi6885.tmp\nsJSON.dll
C:\Users\win7\AppData\Local\Temp\nsi6885.tmp\nsExec.dll
C:\crashhandler.dll
C:\Users\win7\AppData\Local\Temp\nsp6330.tmp\System.dll
MSVCP60.dll
MSVCRT.dll
riched32.dll
riched20.dll
C:\Windows\system32\ntshrui.dll
C:\Users\win7\AppData\Local\Temp\is-JN4LV.tmp\sample.ENU
C:\Users\win7\AppData\Local\Temp\is-JN4LV.tmp\sample.EN
C:\Users\win7\AppData\Local\Temp\nsaC9E9.tmp\System.dll
C:\Users\win7\AppData\Local\Temp\nsaC9E9.tmp\nsExec.dll
C:\Users\win7\AppData\Local\Temp\nsaC9E9.tmp\registry.dll
C:\Windows\System32\msxml6r.dll
C:\Windows\system32\EhStorShell.dll
c:\windows\system32\imageres.dll
powrprof.dll
C:\Windows\SysWOW64\ntdll.dll
C:\Windows\syswow64\kernel32.dll
C:\Windows\syswow64\KERNELBASE.dll
C:\CFVS_HookDll.dll
C:\Windows\syswow64\WS2_32.dll
C:\Windows\syswow64\msvcrt.dll
C:\Windows\syswow64\RPCRT4.dll
C:\Windows\syswow64\SspiCli.dll
C:\Windows\syswow64\CRYPTBASE.dll
C:\Windows\SysWOW64\sechost.dll
C:\Windows\syswow64\NSI.dll
C:\Windows\syswow64\urlmon.dll
C:\Windows\syswow64\api-ms-win-downlevel-ole32-l1-1-0.dll
C:\Windows\syswow64\ole32.DLL
C:\Windows\syswow64\GDI32.dll
C:\Windows\syswow64\USER32.dll
C:\Windows\syswow64\ADVAPI32.dll
C:\Windows\syswow64\LPK.dll
C:\Windows\syswow64\USP10.dll
C:\Windows\syswow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
C:\Windows\syswow64\shlwapi.DLL
C:\Windows\syswow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
C:\Windows\syswow64\api-ms-win-downlevel-user32-l1-1-0.dll
C:\Windows\syswow64\api-ms-win-downlevel-version-l1-1-0.dll
C:\Windows\system32\version.DLL
C:\Windows\syswow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
C:\Windows\syswow64\normaliz.DLL
C:\Windows\syswow64\iertutil.dll
C:\Windows\syswow64\WININET.dll
C:\Windows\syswow64\USERENV.dll
C:\Windows\syswow64\profapi.dll
C:\Windows\system32\DNSAPI.dll
C:\Windows\syswow64\COMDLG32.dll
C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\COMCTL32.dll
C:\Windows\syswow64\SHELL32.dll
C:\Windows\syswow64\OLEAUT32.dll
C:\Windows\system32\MSIMG32.dll
C:\Windows\syswow64\PSAPI.DLL
C:\Windows\system32\IMM32.DLL
C:\Windows\syswow64\CLBCatQ.DLL
C:\Windows\System32\msxml6.dll
C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
C:\Windows\syswow64\SETUPAPI.dll
C:\Windows\syswow64\CFGMGR32.dll
C:\Windows\syswow64\DEVOBJ.dll
C:\Windows\system32\PROPSYS.dll
C:\Windows\system32\srvcli.dll
C:\Windows\system32\cscapi.dll
C:\Windows\system32\slc.dll
C:\Windows\system32\CRYPTSP.dll
C:\Windows\system32\RpcRtRemote.dll
C:\Windows\system32\powrprof.dll
C:\Users\win7\AppData\Local\Temp\is-JUGIU.tmp\_isetup\_shfoldr.dll
C:\Users\win7\AppData\Local\Temp\nsrE61C.tmp\System.dll
C:\pcnsl.gui
C:\Windows\system32\MSI.DLL
VERSION.DLL
DINPUT.DLL
dsound.dll
C:\Windows\system32\dsound.dll
ddraw.dll
C:\mmkeybsupp.dll
c:\program files\internet explorer\iexplore.exe
C:\Users\win7\AppData\Local\Temp\nswE6D8.tmp\LangDLL.dll
C:\Users\win7\AppData\Local\Temp\nswE6D8.tmp\System.dll
netapi32
C:\Users\win7\AppData\Local\Temp\nswE6D8.tmp\UAC.dll
ADVAPI32
ShlWAPI
C:\Users\win7\AppData\Local\Temp\nswE6D8.tmp\GraphicalInstaller.dll
C:\Users\win7\AppData\Local\Temp\nswE6D8.tmp\Math.dll
C:\Users\win7\AppData\Local\Temp\nswE6D8.tmp\nsDialogs.dll
api-ms-win-core-string-l1-1-0
api-ms-win-core-datetime-l1-1-1
api-ms-win-core-localization-obsolete-l1-2-0
C:\Users\win7\AppData\Local\Temp\is-B66CS.tmp\_isetup\_shfoldr.dll
C:\Users\win7\AppData\Local\Temp\GUM95FE.tmp\goopdate.dll
C:\Users\win7\AppData\Local\Temp\GUM95FE.tmp\goopdateres_en.dll
WSOCK32.dll
C:\Windows\SysWOW64\ENU.dll
C:\Windows\SysWOW64\LOC.dll
User32.DLL
C:\Windows\SysWOW64\DXGIDebug.dll
C:\Windows\SysWOW64\D3D10Warp.dll
C:\Windows\SysWOW64\DDRAW.dll
C:\Users\win7\AppData\Local\Temp\nsfD5D0.tmp\System.dll
shlwapi
C:\Users\win7\AppData\Local\Temp\0011a759.a
C:\Users\win7\AppData\Local\Temp\0011ade1.a
jscript9.dll
OLEACC.DLL
C:\Windows\system32\Oleacc.dll
dwrite.dll
IMAGEHLP.DLL
C:\Windows\Downloaded Program Files\JuniperSetupClient.ocx
SHELL32.DLL
C:\Users\win7\AppData\Local\Temp\nsf67BF.tmp\System.dll
C:\Users\win7\AppData\Local\Temp\nsf67BF.tmp\base64.dll
C:\Users\win7\AppData\Local\Temp\nsf67BF.tmp\ThreadTimer.dll
1000\System.dll
C:\Users\win7\AppData\Local\Temp\nsf67BF.tmp\inetc.dll
C:\Users\win7\AppData\Local\Temp\nsv68BA.tmp\System.dll
C:\Users\win7\AppData\Local\Temp\nsv68BA.tmp\inetc.dll
C:\Users\win7\AppData\Local\Temp\nsv68BA.tmp\Processes.dll
C:\Users\win7\AppData\Local\Temp\nsv68BA.tmp\nsJSON.dll
COMCTL32.DLL
GDI32.DLL
MSIMG32.DLL
OLE32.DLL
ssutil.dll
WinSpool.drv
oleacc.dll
C:\Windows\system32\winmm.dll
MSDART.dll
C:\Users\win7\AppData\Local\Temp\000c97a2.a
C:\Users\win7\AppData\Local\Temp\000c9e58.a
C:\Windows\system32\wer.dll
werui.dll
DUI70.dll
C:\Users\win7\AppData\Local\Temp\nsj8625.tmp\System.dll
nod32krr.dll
C:\Users\win7\AppData\Local\Temp\is-C7QA1.tmp\OCSetupHlp.dll
Crypt32.dll
C:\Users\win7\AppData\Local\Temp\is-C7QA1.tmp\GCountry.dll
C:\Windows\system32\VB6ES.DLL
C:\1033\orgcintl.dll
C:\Windows\SysWOW64\\msi.dll
MPR.dll
cmdhtml.dll
d3d10_1.dll
shcore.dll
uiautomationcore.dll
C:\Users\win7\AppData\Local\Temp\comodoccav_temp_setup\DXGIDebug.dll
WINMM
user32
\mso.dll
C:\Users\win7\AppData\Local\Temp\is-AK8CI.tmp\_isetup\_shfoldr.dll
C:\Users\win7\AppData\Local\Temp\is-AK8CI.tmp\BASS.dll
avrt.dll
C:\bin\launcher.dll
C:\Windows\system32\wintab32.dll
1025\HotFixInstallerUI.dll
1028\HotFixInstallerUI.dll
1029\HotFixInstallerUI.dll
1030\HotFixInstallerUI.dll
1031\HotFixInstallerUI.dll
1032\HotFixInstallerUI.dll
1033\HotFixInstallerUI.dll
1035\HotFixInstallerUI.dll
1036\HotFixInstallerUI.dll
1037\HotFixInstallerUI.dll
1038\HotFixInstallerUI.dll
1040\HotFixInstallerUI.dll
1041\HotFixInstallerUI.dll
1042\HotFixInstallerUI.dll
1043\HotFixInstallerUI.dll
1044\HotFixInstallerUI.dll
1045\HotFixInstallerUI.dll
1046\HotFixInstallerUI.dll
1049\HotFixInstallerUI.dll
1053\HotFixInstallerUI.dll
1055\HotFixInstallerUI.dll
2052\HotFixInstallerUI.dll
2070\HotFixInstallerUI.dll
3082\HotFixInstallerUI.dll
Normaliz.dll
XmlLite.dll
POWRPROF.DLL
winscard.dll
pstorec.dll
C:\Users\win7\AppData\Local\Temp\nsd4F51.tmp\System.dll
C:\Windows\GeoOCX\WebCam\20141101\GeoCodecReg\HWCodecLoader.dll
C:\Windows\HWCodecLoader.dll
C:\Windows\GeoOCX\WebCam\20141101\GeoCodecReg\IntelHWCodec.dll
C:\Windows\IntelHWCodec.dll
C:\Windows\GeoOCX\WebCam\20141101\GeoCodecReg\NVidiaHWCodec.dll
C:\Windows\GeoOCX\WebCam\20141101\GeoCodecReg\GeoImageEnhance.dll
C:\Windows\GeoImageEnhance.dll
C:\Windows\GeoOCX\WebCam\20141101\GeoCodecReg\GvVAScheDll.dll.dll
C:\Windows\GeoOCX\WebCam\20141101\GeoCodecReg\GeoCodec.dll
C:\Windows\GeoOCX\WebCam\20141101\GeoCodecReg\GXAMP4.dll
C:\Windows\GeoOCX\WebCam\20141101\GeoCodecReg\GX264.dll
C:\Windows\GeoOCX\WebCam\20141101\GeoCodecReg\GXGM20.dll
C:\Windows\GeoOCX\WebCam\20141101\GeoCodecReg\GXJPG.dll
C:\Windows\GeoOCX\WebCam\20141101\GeoCodecReg\GXAVC.dll
C:\Windows\GeoOCX\WebCam\20141101\GeoCodecReg\GeoADPCM.acm
C:\Windows\GeoOCX\WebCam\20141101\GeoCodecReg\GeoAudio.acm
C:\Windows\GeoOCX\WebCam\20141101\GVMegaPixelViewerENU.dll
C:\Windows\GeoOCX\WebCam\20141101\GVMegaPixelViewerLOC.dll
C:\Windows\GeoOCX\WebCam\20141101\ImageGUIENU.dll
C:\Windows\GeoOCX\WebCam\20141101\ImageGUILOC.dll
C:\Windows\GeoOCX\WebCam\20141101\GeoWatermark.dll
C:\Windows\GeoOCX\WebCam\20141101\GeoWatermarkENU.dll
C:\Windows\GeoOCX\WebCam\20141101\GeoWatermarkLOC.dll
C:\Windows\GeoOCX\WebCam\20141101\GeoFisheye.dll
C:\Windows\GeoOCX\WebCam\20141101\GeoFisheyeENU.dll
C:\Windows\GeoOCX\WebCam\20141101\GeoFisheyeLOC.dll
C:\Windows\GeoOCX\WebCam\20141101\D3DX9_40.dll
d3d9.dll
C:\Windows\GeoOCX\WebCam\20141101\GeoEditAVIDllV2ENU.dll
C:\Windows\GeoOCX\WebCam\20141101\GeoEditAVIDllV2LOC.dll
C:\Windows\GeoOCX\WebCam\20141101\GvCryptoENU.dll
C:\Windows\GeoOCX\WebCam\20141101\GvCryptoLOC.dll
C:\Windows\GeoOCX\WebCam\20141101\IA_VIDEOENU.dll
C:\Windows\GeoOCX\WebCam\20141101\IA_VIDEOLOC.dll
C:\Windows\GeoOCX\WebCam\20141101\PtzStick_ParserENU.dll
C:\Windows\GeoOCX\WebCam\20141101\PtzStick_ParserLOC.dll
C:\Windows\system32\DSOUND.dll
C:\Windows\system32\ntdll.dll
C:\Users\win7\AppData\Local\Temp\is-77DOR.tmp\sample.ENU
C:\Users\win7\AppData\Local\Temp\is-77DOR.tmp\sample.EN
C:\Users\win7\AppData\Local\Temp\is-IAKUM.tmp\_isetup\_shfoldr.dll
C:\Users\win7\AppData\Local\Temp\is-IAKUM.tmp\ISDone.dll
C:\Users\win7\AppData\Local\Temp\is-IAKUM.tmp\isSlideShow.dll
C:\Users\win7\AppData\Local\Temp\is-IAKUM.tmp\isSlideShow.ENU
C:\Users\win7\AppData\Local\Temp\is-IAKUM.tmp\isSlideShow.EN
C:\Users\win7\AppData\Local\Temp\is-IAKUM.tmp\CallbackCtrl.dll
zlib1.dll
newdev.dll
cfgmgr32.dll
C:\Windows\SysWOW64\NETAPI32.DLL
MSISIP.DLL
crypt32.dll
Iphlpapi.dll
C:\Users\win7\AppData\Local\Temp\bsw4ECC.tmp.bat
C:\Users\win7\AppData\Local\Temp\is-3V1B6.tmp\sample.ENU
C:\Users\win7\AppData\Local\Temp\is-3V1B6.tmp\sample.EN
C:\Users\win7\AppData\Local\Temp\is-1IGF1.tmp\_isetup\_shfoldr.dll
C:\Users\win7\AppData\Local\Temp\nsq1674.tmp\System.dll
C:\Users\win7\AppData\Local\Temp\is-J8KP6.tmp\_isetup\_shfoldr.dll
C:\Users\win7\AppData\Local\Temp\is-J8KP6.tmp\ISDone.dll
C:\Users\win7\AppData\Local\Temp\is-J8KP6.tmp\b2p.dll
C:\Users\win7\AppData\Local\Temp\is-J8KP6.tmp\botva2.dll
SetupApi.dll
WS2_32.DLL
C:\Windows\system32\McxDriv.dll
C:\Windows\System32\imageres.dll
C:\Windows\System32\setupapi.dll
C:\Windows\system32\mmsys.cpl
C:\Windows\system32\mdminst.dll
C:\Windows\system32\SensorsCpl.dll
C:\Windows\System32\SysClass.DLL
C:\Windows\system32\NetCfgx.dll
C:\Windows\system32\sti_ci.dll
C:\Windows\System32\\imageres.dll
C:\Windows\system32\batt.dll
C:\Windows\system32\sccls.dll
C:\Windows\system32\AuxiliaryDisplayClassInstaller.dll
C:\Windows\system32\bthci.dll
C:\gDLL_Loader.exe
C:\gProcmon.exe
C:\Program Files\Oracle\VirtualBox Guest Additions\guninst.exe
C:\Program Files\Oracle\VirtualBox Guest Additions\gVBoxControl.exe
C:\Program Files\Oracle\VirtualBox Guest Additions\gVBoxDrvInst.exe
C:\Program Files\Oracle\VirtualBox Guest Additions\gVBoxTray.exe
C:\Program Files\Oracle\VirtualBox Guest Additions\gVBoxWHQLFake.exe
C:\Python27\gpythonw.exe
C:\Users\win7\AppData\Local\Temp\is-U057B.tmp\sample.ENU
C:\Users\win7\AppData\Local\Temp\is-U057B.tmp\sample.EN
C:\Users\win7\AppData\Local\Temp\nsu29A4.tmp\System.dll
C:\Windows\system32\riched20.dll
C:\Users\win7\AppData\Local\Temp\is-49NG2.tmp\_isetup\_shfoldr.dll
C:\rarlng.dll
C:\Windows\system32\VBoxMRXNP.dll
C:\Windows\System32\drprov.dll
C:\Windows\System32\ntlanman.dll
C:\Windows\System32\davclnt.dll
C:\Windows\system32\comsvcs.dll
C:\Users\win7\AppData\Local\Temp\nsxDEAE.tmp\InstallOptions.dll
SSPICLI
C:\Users\win7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Silverlight\sllauncher.exe
C:\Windows\SysWOW64\jscript9.dll
C:\Users\win7\AppData\Local\Temp\IIF3F2E.tmp\ar-SA\IntelCommon.dll
C:\Users\win7\AppData\Local\Temp\IIF3F2E.tmp\cs-CZ\IntelCommon.dll
C:\Users\win7\AppData\Local\Temp\IIF3F2E.tmp\da-DK\IntelCommon.dll
C:\Users\win7\AppData\Local\Temp\IIF3F2E.tmp\de-DE\IntelCommon.dll
C:\Users\win7\AppData\Local\Temp\IIF3F2E.tmp\el-GR\IntelCommon.dll
C:\Users\win7\AppData\Local\Temp\IIF3F2E.tmp\en-US\IntelCommon.dll
C:\Users\win7\AppData\Local\Temp\IIF3F2E.tmp\es-ES\IntelCommon.dll
C:\Users\win7\AppData\Local\Temp\IIF3F2E.tmp\fi-FI\IntelCommon.dll
C:\Users\win7\AppData\Local\Temp\IIF3F2E.tmp\fr-FR\IntelCommon.dll
C:\Users\win7\AppData\Local\Temp\IIF3F2E.tmp\he-IL\IntelCommon.dll
C:\Users\win7\AppData\Local\Temp\IIF3F2E.tmp\hu-HU\IntelCommon.dll
C:\Users\win7\AppData\Local\Temp\IIF3F2E.tmp\it-IT\IntelCommon.dll
C:\Users\win7\AppData\Local\Temp\IIF3F2E.tmp\ja-JP\IntelCommon.dll
C:\Users\win7\AppData\Local\Temp\IIF3F2E.tmp\ko-KR\IntelCommon.dll
C:\Users\win7\AppData\Local\Temp\IIF3F2E.tmp\nb-NO\IntelCommon.dll
C:\Users\win7\AppData\Local\Temp\IIF3F2E.tmp\nl-NL\IntelCommon.dll
C:\Users\win7\AppData\Local\Temp\IIF3F2E.tmp\pl-PL\IntelCommon.dll
C:\Users\win7\AppData\Local\Temp\IIF3F2E.tmp\pt-BR\IntelCommon.dll
C:\Users\win7\AppData\Local\Temp\IIF3F2E.tmp\pt-PT\IntelCommon.dll
C:\Users\win7\AppData\Local\Temp\IIF3F2E.tmp\ru-RU\IntelCommon.dll
C:\Users\win7\AppData\Local\Temp\IIF3F2E.tmp\sk-SK\IntelCommon.dll
C:\Users\win7\AppData\Local\Temp\IIF3F2E.tmp\sl-SI\IntelCommon.dll
C:\Users\win7\AppData\Local\Temp\IIF3F2E.tmp\sv-SE\IntelCommon.dll
C:\Users\win7\AppData\Local\Temp\IIF3F2E.tmp\th-TH\IntelCommon.dll
C:\Users\win7\AppData\Local\Temp\IIF3F2E.tmp\tr-TR\IntelCommon.dll
C:\Users\win7\AppData\Local\Temp\IIF3F2E.tmp\zh-CN\IntelCommon.dll
C:\Users\win7\AppData\Local\Temp\IIF3F2E.tmp\zh-TW\IntelCommon.dll
C:\Users\win7\AppData\Local\Temp\IIF3F2E.tmp\en-US\resource.dll.mui
MSFTEDIT.dll
C:\Users\win7\AppData\Local\Temp\nsp57AC.tmp\System.dll
dnssd.dll
C:\Users\win7\AppData\Local\Temp\00124a4f.a
C:\Users\win7\AppData\Local\Temp\001250d7.a
C:\Users\win7\AppData\Local\Temp\nstED20.tmp\System.dll
C:\Users\win7\AppData\Local\Temp\nss26D9.tmp\System.dll
C:\Users\win7\AppData\Local\Temp\nss26D9.tmp\nsDialogs.dll
C:\Users\win7\AppData\Local\Temp\nss26D9.tmp\registry.dll
iphlpapi
C:\Users\win7\AppData\Local\Temp\nss26D9.tmp\Math.dll
C:\Users\win7\AppData\Local\Temp\nss26D9.tmp\blowfish.dll
C:\Users\win7\AppData\Local\Temp\nss26D9.tmp\UserInfo.dll
C:\Users\win7\AppData\Local\Temp\nss26D9.tmp\GetVersion.dll
C:\Windows\system32\mshtml.dll
C:\Users\win7\AppData\Local\Temp\nss26D9.tmp\manlib.dll
C:\Users\win7\AppData\Local\Temp\nsn3992.tmp\System.dll
C:\Users\win7\AppData\Local\Temp\nsn3992.tmp\inetc.dll
C:\Users\win7\AppData\Local\Temp\GUM2F0.tmp\goopdate.dll
C:\Users\win7\AppData\Local\Temp\GUM2F0.tmp\goopdateres_en.dll
C:\Users\win7\AppData\Local\Temp\is-GL7RS.tmp\sample.ENU
C:\Users\win7\AppData\Local\Temp\is-GL7RS.tmp\sample.EN
C:\Users\win7\AppData\Local\Temp\is-5EPIU.tmp\_isetup\_shfoldr.dll
MsiHnd.dll
DWMAPI
USER32
C:\Windows\SysWOW64\SAGE.DLL
CABINET
C:\Users\win7\AppData\Local\Temp\is-Q3FU0.tmp\_isetup\_shfoldr.dll
C:\Users\win7\AppData\Local\Temp\is-Q3FU0.tmp\isskin.dll
C:\Users\win7\AppData\Local\Temp\is-V27F6.tmp\sample.tmp
C:\Users\win7\AppData\Local\Temp\is-Q3FU0.tmp\Office2007.cjstyles
C:\Windows\system32\AdvApi32.dll
C:\Windows\system32\Msi.dll
C:\Windows\system32\srclient.dll
C:\Users\win7\AppData\Local\Temp\{df6db185-7fb4-4cc4-a144-2f6c0fb80716}\.ba1\wixstdba.dll
C:\Users\win7\AppData\Local\Temp\{df6db185-7fb4-4cc4-a144-2f6c0fb80716}\.ba1\bafunctions.dll
C:\Windows\system32\Riched20.dll
C:\Windows\system32\Windowscodecs.dll
C:\Windows\system32\Msxml6.dll
C:\Users\win7\AppData\Local\Temp\installer0.exe
C:\Users\win7\AppData\Local\Temp\nsk9548.tmp\InstallOptions.dll
C:\Users\win7\AppData\Local\Temp\nsk9548.tmp\StartMenu.dll
api-ms-win-core-sysinfo-l1-2-1
C:\Users\win7\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{9C3F28BF-493C-4478-8E71-36F20B1D5F7A}.ico
C:\Users\win7\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
C:\Windows\syswow64\Crypt32.dll
C:\Users\win7\AppData\Local\Temp\nssEA13.tmp\SkinBtn.dll
C:\Users\win7\AppData\Local\Temp\nssEA13.tmp\FindProcDLL.dll
C:\Users\win7\AppData\Local\Temp\nssEA13.tmp\ButtonEvent.dll
C:\Users\win7\AppData\Local\Temp\nssEA13.tmp\nsDialogs.dll
C:\Users\win7\AppData\Local\Temp\nssEA13.tmp\System.dll
C:\Users\win7\AppData\Local\Temp\nssEA13.tmp\SkinProgress.dll
C:\Users\win7\AppData\Local\Temp\nssEA13.tmp\progress.dll
C:\Users\win7\AppData\Local\Temp\nssEA13.tmp\progressENU.dll
C:\Users\win7\AppData\Local\Temp\nssEA13.tmp\progressLOC.dll
C:\Users\win7\AppData\Local\Temp\nssEA13.tmp\nsisSlideshow.dll
api-ms-win-security-systemfunctions-l1-1-0
C:\Users\win7\AppData\Local\Temp\gHRNhgjcqh.tmp\htmlayout.dll
HTMLayout.dll
usp10.dll
Shlwapi.dll
cryptsp.dll
winsta.dll
rsaenh.dll
bcryptprimitives.dll
C:\Users\win7\AppData\Local\Temp\nss709F.tmp\UserInfo.dll
C:\Users\win7\AppData\Local\Temp\nss709F.tmp\LangDLL.dll
C:\Users\win7\AppData\Local\Temp\nss709F.tmp\nsDialogs.dll
C:\Users\win7\AppData\Local\Temp\nss709F.tmp\System.dll
SetupApi.DLL
kernel32.DLL
Advapi32.DLL
Clusapi.DLL
gdi32.DLL
C:\Users\win7\AppData\Local\Temp\is-4KD6I.tmp\sample.ENU
C:\Users\win7\AppData\Local\Temp\is-4KD6I.tmp\sample.EN
C:\Users\win7\AppData\Local\Temp\nsb314F.tmp\System.dll
C:\Users\win7\AppData\Local\Temp\nsb314F.tmp\InstallOptions.dll
C:\Users\win7\AppData\Local\Temp\nsb314F.tmp\nsDialogs.dll
WinInet.dll
C:\Users\win7\AppData\Local\Temp\1FC9.tmp
C:\Users\win7\AppData\Local\Temp\1FC8.tmp
Msimg32.dll
atl.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\uxtheme.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\comctl32.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\99cdfef98595ed91f14936cf52a49c54\System.Management.ni.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\\wminet_utils.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\oleaut32.dll
C:\Users\win7\AppData\Local\Temp\nsiBC76.tmp\NSISdl.dll
C:\Users\win7\AppData\Local\Temp\nsdE0A2.tmp\nsDialogs.dll
C:\Users\win7\AppData\Local\Temp\nsdE0A2.tmp\System.dll
C:\Users\win7\AppData\Local\Temp\nshF81A.tmp\System.dll
C:\Users\win7\AppData\Local\Temp\nshF81A.tmp\nsDialogs.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0967cf5c31691f38d013263304d2dacb\System.Runtime.Remoting.ni.dll
C:\Users\win7\AppData\Local\Temp\CrashLibrary\dbghelp.dll\dbghelp.dll
C:\Windows\SysWOW64\SFC.DLL
C:\Windows\SysWOW64\oleaut32.dll
C:\Windows\SysWOW64\stdole2.tlb
C:\Windows\SysWOW64\olepro32.dll
C:\Windows\SysWOW64\comcat.dll
C:\Users\win7\AppData\Local\Temp\nsnD9AE.tmp\System.dll
COMDLG32.DLL
IMM32.DLL
OLE32.dll
C:\Users\win7\AppData\Local\Temp\BR65BF.tmp
C:\Users\win7\AppData\Local\Temp\BR663D.tmp
C:\Users\win7\AppData\Local\Temp\BR66EA.tmp
C:\Users\win7\AppData\Local\Temp\BR670A.tmp
C:\Users\win7\AppData\Local\Temp\be29e7f1-71ae-4703-50cb-1d52be512f51\twapi-be29e7f1-71ae-4703-50cb-1d52be512f51.dll
C:\Users\win7\AppData\Local\Temp\BR6779.tmp
C:\Users\win7\AppData\Local\Temp\BR6BFE.tmp
C:\Users\win7\AppData\Local\Temp\BR6C2E.tmp
C:\Users\win7\AppData\Local\Temp\BR6C3E.tmp
C:\Users\win7\AppData\Local\Temp\BR6C4F.tmp
C:\Users\win7\AppData\Local\Temp\BR6C60.tmp
C:\Users\win7\AppData\Local\Temp\BR6C70.tmp
shell32
C:\Users\win7\AppData\Local\Temp\is-CMCC1.tmp\sample.ENU
C:\Users\win7\AppData\Local\Temp\is-CMCC1.tmp\sample.EN
C:\Users\win7\AppData\Local\Temp\is-MJ2RR.tmp\_isetup\_shfoldr.dll
C:\Users\win7\AppData\Local\Temp\is-MJ2RR.tmp\_isetup\_iscrypt.dll
Version.dll
C:\Windows\system32\nvcuvid.dll
C:\Users\win7\AppData\Local\Temp\is-MJ2RR.tmp\klcp_detect.dll
libmfxhw32.dll
libmfxsw32.dll
C:\Users\win7\AppData\Local\Temp\nsk49AD.tmp\UserInfo.dll
C:\Users\win7\AppData\Local\Temp\nsk49AD.tmp\System.dll
C:\Users\win7\AppData\Local\Temp\nsk49AD.tmp\nsDialogs.dll
C:\Users\win7\AppData\Local\Temp\nswB2D8.tmp\System.dll
RecommendInfo
C:\Users\win7\AppData\Local\Temp\nswB2D8.tmp\KillProcDLL.dll
C:\Users\win7\AppData\Local\Temp\nswB2D8.tmp\nsDialogs.dll
C:\Windows\system32\sfc_os.dll
C:\Windows\system32\SSPICLI.DLL
C:\Windows\system32\UXTheme.dll
C:\Windows\system32\cryptbase.dll
C:\Users\win7\AppData\Local\Temp\nsj77ED.tmp\System.dll
C:\Users\win7\AppData\Local\Temp\nsj77ED.tmp\nsDialogs.dll
Ole32.dll
C:\Users\win7\AppData\Local\Temp\nse5EB7.tmp\InstallOptions.dll
C:\Users\win7\AppData\Local\Temp\nsd75F9.tmp\System.dll
C:\Windows\SysWOW64\USER32.DLL
C:\Windows\SysWOW64\RPCRT4.DLL
SETUPENU.DLL
SetupENU
AdvApi32.DLL
Avrt.dll
C:\Users\win7\AppData\Local\Temp\{0d931f65-00ff-4fba-8569-6c1d016183a0}\.ba1\wixstdba.dll
C:\Windows\system32\wups.dll
C:\Windows\system32\wu.upgrade.ps.dll
DnsApi.dll
DBGHELP.DLL
C:\Windows\system32\symsrv.dll
C:\Users\win7\AppData\Local\Temp\nsr42E6.tmp\LangDLL.dll
C:\Users\win7\AppData\Local\Temp\nsx378C.tmp\nsisos.dll
C:\Windows\system32\CRTDLL.DLL
Netapi32.dll
C:\Users\win7\AppData\Local\Temp\is-NFSLV.tmp\_isetup\_shfoldr.dll
filesystem_stdio.dll
filesystem_stdio.dll.dll
C:\Users\win7\AppData\Local\Adobe\DE1E5201-CB40-491C-9CBB-51ED1B410290\gtcheck.exe
C:\Windows\SysWOW64\urlmon.dll
IMGUTIL.DLL
C:\Users\win7\AppData\Local\Temp\is-RNU68.tmp\_isetup\_shfoldr.dll
C:\Users\win7\AppData\Local\Temp\nsd83D8.tmp\System.dll
ETDApix.dll
binkw32.dll
C:\Users\win7\AppData\Local\Temp\nswE3F7.tmp\System.dll
C:\Users\win7\AppData\Local\Temp\nswE3F7.tmp\UAC.dll
C:\Users\win7\AppData\Local\Temp\nswE3F7.tmp\nsDialogs.dll
Wship6.dll
DWMAPI.DLL
C:\Windows\system32\DWMAPI.DLL
C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
C:\Windows\system32\olepro32.dll
C:\Windows\system32\wsock32.dll
C:\Windows\syswow64\comdlg32.dll
C:\Windows\syswow64\oleaut32.dll
C:\Windows\syswow64\shell32.dll
mscms.dll
icm32.dll
C:\Windows\system32\ntmarta.dll
C:\Windows\system32\icm32.dll
C:\Windows\system32\mscms.dll
C:\Windows\system32\windowscodecsext.dll
C:\Windows\system32\windowscodecs.dll
C:\Windows\system32\d3d11.dll
C:\Windows\system32\dxgi.dll
C:\Windows\system32\DWrite.dll
C:\Windows\system32\d2d1.dll
C:\Windows\system32\SXS.DLL
C:\Windows\system32\msimtf.dll
C:\Windows\system32\MLANG.dll
C:\Windows\System32\fwpuclnt.dll
C:\Windows\System32\winrnr.dll
C:\Windows\system32\pnrpnsp.dll
C:\Windows\system32\napinsp.dll
C:\Windows\system32\MSHTML.dll
C:\Windows\System32\npmproxy.dll
C:\Windows\system32\dhcpcsvc.DLL
C:\Windows\system32\rasadhlp.dll
C:\Windows\System32\netprofm.dll
C:\Windows\system32\dhcpcsvc6.DLL
C:\Windows\System32\wshtcpip.dll
C:\Windows\System32\nlaapi.dll
C:\Windows\System32\wship6.dll
C:\Windows\system32\mswsock.dll
C:\Windows\system32\WINNSI.DLL
C:\Windows\system32\IPHLPAPI.DLL
C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
C:\Windows\system32\Secur32.dll
C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
C:\Windows\syswow64\psapi.dll
C:\Windows\syswow64\MSASN1.dll
C:\Windows\syswow64\WINTRUST.dll
C:\Windows\syswow64\WLDAP32.dll
C:\Users\win7\AppData\Local\Temp\nsvD4D4.tmp\LangDLL.dll
C:\Users\win7\AppData\Local\Temp\nsvD4D4.tmp\UAC.dll
C:\Users\win7\AppData\Local\Temp\nsvD4D4.tmp\System.dll
C:\Users\win7\AppData\Local\Temp\nsvD4D4.tmp\NAxgPluginW_0_1.dll
C:\Users\win7\AppData\Local\Temp\nsvD4D4.tmp\InstallOptions.dll
C:\Users\win7\AppData\Local\Temp\nsvD4D4.tmp\FindProcDLL.dll
C:\Users\win7\AppData\Local\Temp\{fb74531f-28c3-4dca-9849-e6b8faa85afe}\.ba1\BA_DLL.dll
C:\Users\win7\AppData\Local\Temp\{fb74531f-28c3-4dca-9849-e6b8faa85afe}\.ba1\Lang\en-US\IntelCommon.dll
C:\Users\win7\AppData\Local\Temp\{fb74531f-28c3-4dca-9849-e6b8faa85afe}\.ba1\Lang\en-US\resource.dll.mui
C:\Users\win7\AppData\Local\Temp\is-MG237.tmp\sample.ENU
C:\Users\win7\AppData\Local\Temp\is-MG237.tmp\sample.EN
C:\Users\win7\AppData\Local\Temp\is-KP5SB.tmp\_isetup\_shfoldr.dll
C:\Users\win7\AppData\Local\Temp\is-KP5SB.tmp\ISDone.dll
C:\Users\win7\AppData\Local\Temp\is-KP5SB.tmp\isSlideShow.dll
C:\Users\win7\AppData\Local\Temp\is-KP5SB.tmp\isSlideShow.ENU
C:\Users\win7\AppData\Local\Temp\is-KP5SB.tmp\isSlideShow.EN
C:\Users\win7\AppData\Local\Temp\is-KP5SB.tmp\CallbackCtrl.dll
C:\AsMultiLang.dll
C:\__Xenocode\x86\vmx.dll
C:\Users\win7\AppData\Local\Temp\is-V2U7V.tmp\sample.ENU
C:\Users\win7\AppData\Local\Temp\is-V2U7V.tmp\sample.EN
C:\Users\win7\AppData\Local\Temp\is-RI3U3.tmp\_isetup\_shfoldr.dll
C:\Users\win7\AppData\Local\Temp\is-RI3U3.tmp\InstallerExtensions.dll
C:\Windows\system32\vb6cht.dll
User32
UXTHEME
C:\Users\win7\AppData\Local\Temp\nsw177E.tmp\System.dll
C:\Users\win7\AppData\Local\Temp\nsw177E.tmp\UserInfo.dll
C:\Users\win7\AppData\Local\Temp\nsw177E.tmp\LangDLL2.dll
C:\Users\win7\AppData\Local\Temp\nsw177E.tmp\ButtonEvent2.dll
C:\Users\win7\AppData\Local\Temp\nsrEF0E.tmp\LangDLL.dll
C:\Users\win7\AppData\Local\Temp\nsrEF0E.tmp\nsDialogs.dll
C:\Users\win7\AppData\Local\Temp\nsrEF0E.tmp\System.dll
C:\Users\win7\AppData\Local\Temp\6282d1bc-b581-489f-9e11-e6f8699c7bc0.dll
\ashbase.dll
C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
C:\Users\win7\AppData\Local\Temp\nspFA9F.tmp\UserInfo.dll
C:\Users\win7\AppData\Local\Temp\nspFA9F.tmp\System.dll
C:\Users\win7\AppData\Local\Temp\nspFA9F.tmp\LangDLL.dll
C:\Users\win7\AppData\Local\Temp\nspFA9F.tmp\nsDialogs.dll
C:\Users\win7\AppData\Local\Temp\nspFA9F.tmp\StartMenu.dll
C:\MSVCR80.dll
MSVCR80.dll
C:\msvcm80.dll
msvcm80.dll
C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcm80.dll
C:\Users\win7\AppData\Local\Temp\is-1HU4P.tmp\_isetup\_shfoldr.dll
C:\Users\win7\AppData\Local\Temp\is-1HU4P.tmp\ISDone.dll
C:\Users\win7\AppData\Local\Temp\is-1HU4P.tmp\b2p.dll
C:\Users\win7\AppData\Local\Temp\is-1HU4P.tmp\botva2.dll
C:\Users\win7\AppData\Local\Temp\000c4154.a
C:\Users\win7\AppData\Local\Temp\000c4b76.a
UIRibbonRes.dll
C:\Windows\system32\UIRibbon.dll
C:\Windows\system32\fms.dll
C:\Users\win7\AppData\Local\Temp\~vis0000\vise32ex.dll
C:\Windows\system32\user.exe
C:\WBDJA44I.DLL
lsm.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\drivers\pacer.sys
fwpuclnt.dll
pnrpsvc.dll
C:\Windows\system32\pnrpsvc.dll
AzRoles.dll
fxsresm.dll
cscsvc.dll
C:\Windows\system32\cscsvc.dll
C:\Windows\system32\iphlpsvc.dll
C:\Windows\system32\umpo.dll
HTTPAPI.DLL
NetLogon.dll
drt.dll
C:\Windows\system32\drivers\ndis.sys
PeerDistSvc.dll
C:\Windows\system32\PeerDistSvc.dll
WsmRes.dll
tbssvc.dll
C:\Windows\system32\tbssvc.dll
C:\Windows\System32\perfproc.dll
C:\Users\win7\AppData\Local\Temp\is-C2BTD.tmp\_isetup\_shfoldr.dll
C:/Users/win7/AppData/Local/Temp/BR41B2.tmp
C:/Users/win7/AppData/Local/Temp/BR427E.tmp
C:/Users/win7/AppData/Local/Temp/be29e7f1-71ae-4703-50cb-1d52be512f51/twapi-be29e7f1-71ae-4703-50cb-1d52be512f51.dll
msimg32
gdi32
Fwpuclnt.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bcrypt.dll
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\shell32.dll
SHFOLDER.dll
NTDLL.DLL
C:\Windows\system32\ieframe.dll
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\System32\notepad.exe
NTDLL.dll
libcef.dll
C:\Users\win7\AppData\Local\Temp\amisetup5784_il1.exe
C:\Users\win7\AppData\Local\Temp\DXGIDebug.dll
C:\AdiIRCAPI.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\oleaut32.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\007fc007edc388d9806dff94ee04f129\System.Configuration.ni.dll
C:\winmm.dll
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ws2_32.dll
RichEd20.DLL
C:\Windows\system32\RichEd20.DLL
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\shell32.dll
C:\Users\win7\AppData\Local\Temp\GUM6D0C.tmp\goopdate.dll
C:\Users\win7\AppData\Local\Temp\GUM6D0C.tmp\goopdateres_en.dll
atiadlxx.dll
atiadlxy.dll
C:\Windows\system32\input.dll
C:\Updater\yupdate.dll
C:\setupapi
setupapi
sfc.dll
C:\Users\win7\AppData\Local\Temp\27H6H4JB\unpack.dll
C:\Users\win7\AppData\Local\Temp\27H6H4JB\sample\plugins\0\CustomUI.dll
C:\Users\win7\AppData\Local\Temp\27H6H4JB\sample\plugins\0\CustomUI.ENU
C:\Users\win7\AppData\Local\Temp\27H6H4JB\sample\plugins\0\CustomUI.EN
C:\Windows\SysWOW64\DUser.dll
C:\\win764\setup.exe
CommonsDll.dll
C:\Users\win7\AppData\Local\Temp\\dup2patcher.dll
C:\Users\win7\AppData\Local\Temp\\bassmod.dll
C:\Windows\system32\ntoskrnl.exe
UTILDLL.dll
C:\Windows\System32\wininit.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\SearchIndexer.exe
C:\Windows\explorer.exe
C:\Windows\System32\cmd.exe
C:\Python27\python.exe
C:\Windows\System32\dllhost.exe
C:\CFVS_Injector.exe
c:\6c055abc11ad2eba29ab92cecb\EppManifest.dll
c:\6c055abc11ad2eba29ab92cecb\SetupRes.dll
HHCTRL.OCX
rasapi32.dll
mdmins32.dll
C:\Users\win7\AppData\Local\Temp\SetupPro.dll
C:\Users\win7\AppData\Local\Temp\SetupPro.ENU
C:\Users\win7\AppData\Local\Temp\SetupPro.EN
C:\Windows\syswow64\dbghelp.dll
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48\GDIPLUS.DLL
C:\Windows\system32\AsIO.dll
C:\AsAcpi.dll
ImgUtil.dll
C:\Users\win7\AppData\Local\Temp\nsh5EC1.tmp\OCSetupHlp.dll
C:\Users\win7\AppData\Local\Temp\nsh5EC1.tmp\InstOpt.dll
C:\Users\win7\AppData\Local\Temp\nsh5EC1.tmp\System.dll
crtdll.dll
C:\idmvs.dll
Connect.dll
RASAPI32
Msi.dll
C:\Users\win7\AppData\Local\Temp\nspC1C.tmp\System.dll
C:\Users\win7\AppData\Local\Temp\nspC1C.tmp\UAC.dll
C:\Users\win7\AppData\Local\Temp\nspC1C.tmp\nsDialogs.dll
C:\Users\win7\AppData\Local\Temp\nspC1C.tmp\InetBgDL.dll
C:\Users\win7\AppData\Local\Temp\nspC1C.tmp\CertCheck.dll
C:\Users\win7\AppData\Local\Temp\nsj2477.tmp\System.dll
svcs.dll
comsvcs.dll
C:\Windows\system32\POWRPROF.dll
C:\Windows\system32\ddraw.dll
C:\Windows\system32\DCIMAN32.dll
C:\Windows\System32\MMDevApi.dll
C:\Windows\System32\PROPSYS.dll
C:\Windows\system32\AUDIOSES.DLL
C:\Windows\system32\DBGHELP.DLL
C:\Users\win7\AppData\Local\Temp\oeb2C93.tmp
MPR.DLL
WSOCK32.DLL
C:\Users\win7\AppData\Local\Temp\oeb2C93.ENU
C:\Users\win7\AppData\Local\Temp\oeb2C93.EN
C:\Users\win7\AppData\Local\Temp\nsu717E.tmp\System.dll
ComCtl32
C:\Users\win7\AppData\Local\Temp\is-CDE5R.tmp\sample.ENU
C:\Users\win7\AppData\Local\Temp\is-CDE5R.tmp\sample.EN
C:\Users\win7\AppData\Local\Temp\is-HCF9A.tmp\_isetup\_shfoldr.dll
C:\Users\win7\AppData\Local\Temp\is-6G2HS.tmp\_isetup\_shfoldr.dll
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\rasapi32.dll
RASMAN.DLL
rtutils.dll
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\winhttp.dll
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\iphlpapi.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
C:\Users\win7\AppData\Local\Temp\is-8R6MI.tmp\_isetup\_shfoldr.dll
C:\Users\win7\AppData\Local\Temp\is-8R6MI.tmp\ISDone.dll
C:\Users\win7\AppData\Local\Temp\is-8R6MI.tmp\botva2.dll
C:\Users\win7\AppData\Local\Temp\nsyFA36.tmp\System.dll
C:\Users\win7\AppData\Local\Temp\nsyFA36.tmp\UserInfo.dll
C:\Users\win7\AppData\Local\Temp\nsyFA36.tmp\g\gtapi_signed
C:\Users\win7\AppData\Local\Temp\nsyFA36.tmp\g\gcapi_dll
C:\Users\win7\AppData\Local\Temp\nsyFA36.tmp\ButtonEvent.dll
C:\Users\win7\AppData\Local\Temp\nsyFA36.tmp\nsDialogs.dll
C:\Users\win7\AppData\Local\Temp\nsyFA36.tmp\g\pfWWW
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\mspaint.exe
C:\Windows\System32\mspaint.exe
ws2_32
WTSAPI32.dll
ReversePage.expextdll.dll
C:\CoralApp.dll
C:\Users\win7\AppData\Local\Temp\is-LL4DS.tmp\_isetup\_shfoldr.dll
crypt32
Ntdll
C:\Users\win7\AppData\Local\Temp\dfs29D4.tmp
sxs.dll
C:\Windows\system32\CRTDLL.dll
C:\QuickTime.qts
C:\Windows\system32\QuickTime.qts
C:\Users\win7\AppData\Local\Temp\is-IV03H.tmp\sample.ENU
C:\Users\win7\AppData\Local\Temp\is-IV03H.tmp\sample.EN
C:\Users\win7\AppData\Local\Temp\is-V8NH6.tmp\_isetup\_shfoldr.dll
C:\Users\win7\AppData\Local\Temp\is-V8NH6.tmp\_isetup\_iscrypt.dll
C:\Users\win7\AppData\Local\Temp\nsxDBAD.tmp\LangDLL.dll
C:\Users\win7\AppData\Local\Temp\nsxDBAD.tmp\System.dll
C:\Users\win7\AppData\Local\Temp\nsxDBAD.tmp\nsDialogs.dll
MSVCR90.dll
C:\Users\win7\AppData\Local\Temp\nsz5536.tmp\zlib.pyd
MSVCP90.dll
msvcr90.dll
psapi
msftedit
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\716ee14dc9aafde2b5f7f387d842661d\System.ServiceProcess.ni.dll
C:\Users\win7\AppData\Local\Temp\pft8FD4.tmp\inst.ENU
C:\Users\win7\AppData\Local\Temp\pft8FD4.tmp\inst.EN
C:\Users\win7\AppData\Local\Temp\pft8FD4.tmp\inst.exe
MSVBVM60
GDI32
T2EMBED.DLL
C:\Users\win7\AppData\Local\Temp\{fa356f34-eef9-4655-aa8e-0eea851f3102}\.ba1\wixstdba.dll
C:\Users\win7\AppData\Local\Temp\{fa356f34-eef9-4655-aa8e-0eea851f3102}\.ba1\bafunctions.dll
C:\Users\win7\AppData\Local\Temp\{84cc4d51-23ee-42a3-af9f-43f332a362a2}\.ba1\wixstdba.dll
C:\Users\win7\AppData\Local\Temp\{84cc4d51-23ee-42a3-af9f-43f332a362a2}\.ba1\bafunctions.dll
C:\Users\win7\AppData\Local\Temp\is-8EU0F.tmp\sample.ENU
C:\Users\win7\AppData\Local\Temp\is-8EU0F.tmp\sample.EN
C:\Users\win7\AppData\Local\Temp\is-5CV7H.tmp\_isetup\_shfoldr.dll
C:\Users\win7\AppData\Local\Temp\is-5CV7H.tmp\util.dll
lang\setupENU.dll
setup.dll
C:\Users\win7\AppData\Local\Temp\{B85DEA05-E1C8-434C-B270-78F4CADEDFFF}\{7D916FA5-DAE9-4A25-B089-655C70EAF607}\InstallHelper.dll
VBoxHook.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\VERSION.dll
Psapi.dll
C:\Users\win7\AppData\Local\Temp\{941026FD-CD36-4988-A81B-9B3B11755DDA}\_Setup.dll
C:\Users\win7\AppData\Local\Temp\{941026FD-CD36-4988-A81B-9B3B11755DDA}\Disk1\ISSetup.dll
C:\Users\win7\AppData\Local\Temp\{8BC43DD4-1DA0-4E52-89C0-3098264D9D60}\{99F351B0-E2CD-43E2-935F-256F1CF1348B}\ISRT.dll
C:\Users\win7\AppData\Local\Temp\{8BC43DD4-1DA0-4E52-89C0-3098264D9D60}\{99F351B0-E2CD-43E2-935F-256F1CF1348B}\_isres.dll
C:\Users\win7\AppData\Local\Temp\{8BC43DD4-1DA0-4E52-89C0-3098264D9D60}\{99F351B0-E2CD-43E2-935F-256F1CF1348B}\_isuser.dll
C:\Users\win7\AppData\Local\Temp\{941026FD-CD36-4988-A81B-9B3B11755DDA}\Disk1\data1.hdr
C:\Users\win7\AppData\Local\Temp\{8BC43DD4-1DA0-4E52-89C0-3098264D9D60}\{99F351B0-E2CD-43E2-935F-256F1CF1348B}\_ISRes.dll
C:\Program Files\Internet Explorer\IEXPLORE.EXE
SzcHgvDEZD
C:\Users\win7\AppData\Local\Temp\IPMx2\setup.exe
C:\Users\win7\AppData\Local\Temp\IPMx2\Lang\CHIP\ARA\ChipsetARA.dll
C:\Users\win7\AppData\Local\Temp\IPMx2\Lang\CHIP\CHS\ChipsetCHS.dll
C:\Users\win7\AppData\Local\Temp\IPMx2\Lang\CHIP\CHT\ChipsetCHT.dll
C:\Users\win7\AppData\Local\Temp\IPMx2\Lang\CHIP\CSY\ChipsetCSY.dll
C:\Users\win7\AppData\Local\Temp\IPMx2\Lang\CHIP\DAN\ChipsetDAN.dll
C:\Users\win7\AppData\Local\Temp\IPMx2\Lang\CHIP\DEU\ChipsetDEU.dll
C:\Users\win7\AppData\Local\Temp\IPMx2\Lang\CHIP\ELL\ChipsetELL.dll
C:\Users\win7\AppData\Local\Temp\IPMx2\Lang\CHIP\ENU\ChipsetENU.dll
C:\Users\win7\AppData\Local\Temp\IPMx2\Lang\CHIP\ESP\ChipsetESP.dll
C:\Users\win7\AppData\Local\Temp\IPMx2\Lang\CHIP\FIN\ChipsetFIN.dll
C:\Users\win7\AppData\Local\Temp\IPMx2\Lang\CHIP\FRA\ChipsetFRA.dll
C:\Users\win7\AppData\Local\Temp\IPMx2\Lang\CHIP\HEB\ChipsetHEB.dll
C:\Users\win7\AppData\Local\Temp\IPMx2\Lang\CHIP\HUN\ChipsetHUN.dll
C:\Users\win7\AppData\Local\Temp\IPMx2\Lang\CHIP\ITA\ChipsetITA.dll
C:\Users\win7\AppData\Local\Temp\IPMx2\Lang\CHIP\JPN\ChipsetJPN.dll
C:\Users\win7\AppData\Local\Temp\IPMx2\Lang\CHIP\KOR\ChipsetKOR.dll
C:\Users\win7\AppData\Local\Temp\IPMx2\Lang\CHIP\NLD\ChipsetNLD.dll
C:\Users\win7\AppData\Local\Temp\IPMx2\Lang\CHIP\NOR\ChipsetNOR.dll
C:\Users\win7\AppData\Local\Temp\IPMx2\Lang\CHIP\PLK\ChipsetPLK.dll
C:\Users\win7\AppData\Local\Temp\IPMx2\Lang\CHIP\PTB\ChipsetPTB.dll
C:\Users\win7\AppData\Local\Temp\IPMx2\Lang\CHIP\PTG\ChipsetPTG.dll
C:\Users\win7\AppData\Local\Temp\IPMx2\Lang\CHIP\RUS\ChipsetRUS.dll
C:\Users\win7\AppData\Local\Temp\IPMx2\Lang\CHIP\SVE\ChipsetSVE.dll
C:\Users\win7\AppData\Local\Temp\IPMx2\Lang\CHIP\THA\ChipsetTHA.dll
C:\Users\win7\AppData\Local\Temp\IPMx2\Lang\CHIP\TRK\ChipsetTRK.dll
MSVBVM60.DLL
C:\Users\win7\AppData\Local\Temp\is-8RNPB.tmp\_isetup\_shfoldr.dll
C:\Users\win7\AppData\Local\Temp\is-8RNPB.tmp\ConsoleApplication1.dll
C:\Users\win7\AppData\Local\Temp\nsqCA04.tmp\System.dll
mscoree
C:\Users\win7\AppData\Local\Temp\nsqCA04.tmp\InstallOptions.dll
C:\Users\win7\AppData\Local\Temp\nsqCA04.tmp\StartMenu.dll
C:\Users\win7\AppData\Local\Temp\GLC5CCB.tmp
C:\Users\win7\AppData\Local\Temp\GLK5F1F.tmp
C:\PROGRA~2\WMACON~1\UNWISE.EXE
CABINET.DLL
C:\PROGRA~2\WMACON~1\WMA-SH~1.EXE
C:\Windows\System32\WMAUDI~1.EXE
C:\PROGRA~2\WMACON~1\wma.hlp
C:\PROGRA~2\WMACON~1\wma.cnt
C:\Windows\System32\actskin4.ocx
C:\PROGRA~2\WMACON~1\unwise.exe
C:\PROGRA~2\WMACON~1\readme.txt
C:\PROGRA~2\WMACON~1\settings.ini
C:\Windows\System32\MsAudio.ocx
C:\Users\win7\AppData\Local\Temp\GLF68B7.tmp
C:\Users\win7\AppData\Local\Temp\Ruby.exe
NahimicMSIOSD.dll
NahimicMSIDevProps.dll
UsEr32
C:\Users\win7\AppData\Local\Temp\RarSFX0\u1208.exe
C:\Users\win7\AppData\Local\Temp\nsoAFED.tmp\nsDialogs.dll
C:\Users\win7\AppData\Local\Temp\nsoAFED.tmp\System.dll
C:\Users\win7\AppData\Local\Temp\nsoAFED.tmp\KillProcWMI.dll
C:\Windows\SysWOW64\wscript.exe
C:\Windows\SysWOW64\wshext.dll
C:\Windows\system32\crtdll.dll
sfc_os.dll
C:\inpout32.dll
shell.dll
netapi32.dll
NETUTILS
SAMCLI
Comdlg32.dll
C:\Windows\SysWOW64\schtasks.exe
C:\Users\win7\AppData\Local\Temp\is-8RJN5.tmp\sample.ENU
C:\Users\win7\AppData\Local\Temp\is-8RJN5.tmp\sample.EN
C:\sample
C:\Windows\system32\WINMM.dll
C:\Users\win7\AppData\Local\Temp\EC33651E57AF5E114A96800072B0B333\SETUP.DLL
C:\Windows\system32\jscript9.dll
C:\Windows\syswow64\MSCTF.dll
C:\Windows\syswow64\USER32.dll
C:\Windows\SysWOW64\ieframe.dll
C:\Windows\SysWOW64\mshtml.dll
C:\Windows\system32\dxgi.dll
C:\Windows\system32\d3d11.dll
C:\Windows\system32\D3D10Warp.dll
C:\Windows\System32\msxml3.dll
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\DLL_Loader.exe
C:\Windows\SYSTEM32\MSCOREE.DLL
C:\samp
C:\Windows\syswow64\KERNELBASE.dll
C:\Windows\syswow64\kernel32.dll
C
mFF=c
C:\Windows\SysWOW64\ntdll.dll
C:\Windows\SysWOW64\schannel.dll
C:\Windows\system32\cryptnet.dll
C:\Windows\system32\propsys.dll
C:\Users\win7\AppData\Local\Temp\is-E15RE.tmp\sample.tmp
C:\Users\win7\AppData\Local\Temp\is-4EB0J.tmp\sample.tmp
C:\Users\win7\AppData\Local\Temp\is-KJ1LK.tmp\sample.tmp
C:\Users\win7\AppData\Local\Temp\is-PRQN2.tmp\innocallback.dll
C:\Users\win7\AppData\Local\Temp\is-PRQN2.tmp\IsProgressBar.dll
C:\Windows\system32\ODBC32.dll
C:\Windows\syswow64\PSAPI.DLL
C:\Windows\syswow64\GDI32.dll
C:\Windows\system32\msimg32.dll
C:\Windows\syswow64\ADVAPI32.dll
C:\Windows\system32\uxtheme.dll
C:\Windows\system32\IMM32.DLL
C:\Windows\syswow64\shlwapi.DLL
C:\Windows\syswow64\ole32.DLL
C:\Users\win7\AppData\Local\Temp\is-PRQN2.tmp\botva2.dll
C:\Windows\system32\WindowsCodecs.dll
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\MSVCR80.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\system32\RichEd20.dll
C:\Windows\syswow64\CRYPT32.dll
C:\Windows\system32\IEFRAME.dll
C:\Users\win7\AppData\Local\Temp\is-DG1SO.tmp\sample.tmp
C:\Windows\system32\MSFTEDIT.DLL
C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_50916076bcb9a742\MSVCR90.dll
C:\Windows\system32\RICHED20.DLL
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48\gdiplus.dll
C:\Windows\system32\DUser.dll
C:\Windows\syswow64\msvcrt.dll
C:\Windows\system32\Msftedit.dll
C:\Windows\system32\Riched20.dll
C:\Users\win7\AppData\Local\Temp\~nsu.tmp\Au_.exe
C:\Users\win7\AppData\Roaming\CameraCode.exe
C:\Users\win7\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
C:\Windows\system32\DirectX\WebSetup\dsetup.dll
C:\Windows\system32\DirectX\WebSetup\DSETUP32.DLL
C:\Windows\system32\RichEd20.DLL
C:\Users\win7\AppData\Local\Temp\{EEBFACC9-3DF6-45B1-A3C3-2B970F901B87}\Disk1\ISSetup.dll
C:\Users\win7\AppData\Local\Temp\{EEBFACC9-3DF6-45B1-A3C3-2B970F901B87}\_Setup.dll
C:\Users\win7\AppData\Local\Temp\{29BF08D8-5EBF-4BBB-8889-EB06CD44EEA7}\{B7D28AE1-631E-4C83-9524-B52CC928061B}\ISRT.dll
C:\Windows\system32\RICHED20.dll
C:\Users\win7\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
C:\Users\win7\AppData\Local\Tem
C:\Users\win7\AppData\Local\Temp\~nsuA.tmp\Au_.exe
C:\Users\win7\AppData\Local\Temp\cf60f67c-ff88-41b2-910e-09ff293a84ab\AdAwareWebInstaller.exe
C:\Users\win7\AppData\Local\Temp\is-5EF0Q.tmp\sample.tmp
C:\Users\win7\AppData\Local\Temp\GUMFD91.tmp\DropboxUpdate.exe
C:\Users\win7\AppData\Local\Temp\GUMFD91.tmp\goopdate.dll
C:\Users\win7\AppData\Local\Temp\is-5I9TP.tmp\sample.tmp
C:\Users\win7\AppData\Local\Temp\is-79L04.tmp\sample.tmp
C:\Users\win7\AppData\Local\Temp\is-EA61V.tmp\b2p.dll
C:\Users\win7\AppData\Local\Temp\is-EA61V.tmp\botva2.dll
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48\GDIPlus.DLL
C:\Windows\system32\ieframe.dll
C:\Users\win7\AppData\Local\Temp\is-6DLRT.tmp\sample.tmp
C:\Users\win7\AppData\Local\Temp\is-U88L8.tmp\sample.tmp
C:\Users\win7\AppData\Local\Temp\OIC939.tmp
C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1163633.exe
C:\Windows\system32\Adobe\Director\SwDir.dll
\\?\C:\Users\win7\AppData\Local\Temp\{93801939-3F36-4626-A1E1-1CA7080BACF9}\1033.dll
C:\Users\win7\AppData\Local\Temp\is-CEUPE.tmp\isSlideShow.dll
C:\Users\win7\AppData\Local\Temp\is-EIV1M.tmp\sample.tmp
C:\Users\win7\AppData\Local\Temp\{91861EC7-F2DE-471F-9B98-7BDDD1E9F0B3}\ISSetup.dll
C:\Windows\system32\msi.dll
C:\Windows\SysWOW64\MSCOREE.DLL
C:\Windows\system32\DINPUT8.DLL
C:\Windows\system32\DSOUND.DLL
C:
C:\Windows\system32\MSVBVM60.DLL
C:\Users\win7\AppData\Local\Temp\is-54OJ8.tmp\BASS.dll
C:\Users\win7\AppData\Local\Temp\is-9CQTD.tmp\sample.tmp
C:\Users\win7\AppData\Local\Temp\is-54OJ8.tmp\VclStylesInno.dll
C:\Users\win7\AppData\Local\Temp\is-54OJ8.tmp\bp.dll
C:\Users\win7\AppData\Local\Temp\is-OAVVC.tmp\sample.tmp
C:\Windows\SysWOW64\Wbem\wmic.exe
C:\Users\win7\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe
C:\Users\win7\AppData\Local\CatalinaGroup\Update\1.3.25.223\goopdate.dll
C:\Users\win7\AppData\Local\CatalinaGroup\Update\1.3.25.223\psuser.dll
C:\Users\win7\AppData\Local\Temp\is-2AM85.tmp\sample.tmp
C:\Users\win7\AppData\Local\Temp\n1s\nchsetup.exe
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\mscoree.dll
C:\Windows\system32\PROPSYS.dll
C:\Windows\system32\ntshrui.dll
C:\Users\win7\AppData\Local\Temp\setup.exe
C:\Users\win7\AppData\Local\Temp\is-JN4LV.tmp\sample.tmp
C:\Users\win7\AppData\Local\Temp\is-GU8EH.tmp\sample.tmp
C:\Windows\System32\msxml6.dll
C:\Windows\system32\EhStorShell.dll
C:\Users\win7\AppData\Local\Temp\is-O1C3U.tmp\sample.tmp
C:\Windows\system32\DINPUT.DLL
C:\Windows\system32\dsound.dll
C:\Windows\system32\UxTheme.dll
C:\Windows\system32\wsock32.dll
C:\Windows\system32\winspool.drv
C:\Windows\system32\olepro32.dll
C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
C:\Windows\system32\POWRPROF.dll
C:\Windows\system32\DNSAPI.dll
C:\CFVS_HookDll.dll
C:\Windows\system32\version.DLL
C:\Windows\syswow64\CRYPTBASE.dll
C:\Windows\syswow64\SspiCli.dll
C:\Windows\syswow64\comdlg32.dll
C:\Windows\syswow64\NSI.dll
C:\Windows\syswow64\OLEAUT32.dll
C:\Windows\syswow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
C:\Windows\SysWOW64\sechost.dll
C:\Windows\syswow64\api-ms-win-downlevel-ole32-l1-1-0.dll
C:\Windows\syswow64\RPCRT4.dll
C:\Windows\syswow64\USERENV.dll
C:\Windows\syswow64\profapi.dll
C:\Windows\syswow64\api-ms-win-downlevel-version-l1-1-0.dll
C:\Windows\syswow64\USP10.dll
C:\Windows\syswow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
C:\Windows\syswow64\SHELL32.dll
C:\Windows\syswow64\api-ms-win-downlevel-user32-l1-1-0.dll
C:\Windows\syswow64\WININET.dll
C:\Windows\syswow64\WS2_32.dll
C:\Windows\syswow64\normaliz.DLL
C:\Windows\syswow64\CFGMGR32.dll
C:\Windows\syswow64\iertutil.dll
C:\Windows\syswow64\LPK.dll
C:\Windows\syswow64\urlmon.dll
C:\Windows\syswow64\SETUPAPI.dll
C:\Windows\syswow64\DEVOBJ.dll
C:\Windows\syswow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
C:\Windows\system32\explorerframe.dll
C:\Users\win7\AppData\Local\Temp\DRHelper_installStart.exe
C:\Users\win7\AppData\Roaming\Spotify\SpWebInst0.exe
C:\Users\win7\AppData\Local\Temp\is-EHE5M.tmp\sample.tmp
C:\Users\win7\AppData\Local\Temp\GUM95FE.tmp\DropboxUpdate.exe
C:\Users\win7\AppData\Local\Temp\GUM95FE.tmp\goopdate.dll
C:\Windows\SysWOW64\.exe
C:\Windows\SysWOW64\DDRAW.dll
C:\Windows\SysWOW64\.ex
C:\Windows\SysWOW64\dxgi.dll
C:\Windows\SysWOW64\d3d11.dll
C:\Windows\SysWOW64\D3D10Warp.dll
C:\Windows\SysWOW64\jscript9.dll
C:\Windows\IFinst27.exe
C:\Users\win7\AppData\Local\Temp\0011ade1.a
C:\Windows\syswow64\oleaut32.dll
C:\Windows\syswow64\shell32.dll
C:\Windows\Downloaded Program Files\JuniperSetupClient.ocx
-33363537-
C:\Windows\system32\winmm.dll
C:\Users\win7\AppData\Local\Temp\000c9e58.a
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
C:\Windows\system32\werui.dll
C:\Windows\SysWOW64\RunDll32.exe
C:\Users\win7\AppData\Local\Temp\is-HT63B.tmp\sample.tmp
C:\Windows\SysWOW64\RunDll32.ex
C:\Windows\SysWOW64\RichEd20.dll
C:\Users\win7\AppData\Local\Temp\is-C7QA1.tmp\OCSetupHlp.dll
C:\Users\win7\AppData\Local\Temp\is-C7QA1.tmp\UnRAR.exe
C:\Users\win7\AppData\Local\Temp\is-46GJ2.tmp\sample.tmp
C:\Users\win7\AppData\Local\Temp\comodoccav_temp_setup\ccavstart.exe
C:\Users\win7\AppData\Local\Temp\comodoccav_temp_setup\cmdhtml.dll
C:\Users\win7\AppData\Local\Temp\is-EN3TH.tmp\sample.tmp
c:\2ed0ac1b0a72e040d7c7cf71ce1c3a\HotFixInstaller.exe
C:\Windows\GeoOCX\WebCam\20141101\GeoCodecReg\GeoCodecReg.exe
C:\Windows\GeoOCX\WebCam\20141101\GVMegaPixelViewer.dll
C:\Windows\GeoOCX\WebCam\20141101\Setup.exe
C:\Windows\GeoOCX\WebCam\20141101\ImageGUI.dll
C:\Windows\GeoOCX\WebCam\20141101\GeoWatermark.dll
C:\Windows\GeoOCX\WebCam\20141101\GeoFisheye.dll
C:\Windows\GeoOCX\WebCam\20141101\GeoEditAVIDllV2.dll
C:\Windows\GeoOCX\WebCam\20141101\GvCrypto.dll
C:\Windows\GeoOCX\WebCam\20141101\DMPTZControlDLL.dll
C:\Windows\GeoOCX\WebCam\20141101\IA_VIDEO.dll
C:\Windows\GeoOCX\WebCam\20141101\PtzStick_Parser.dll
C:\Windows\GeoOCX\WebCam\20141101\LiveClient_8200.dll
C:\Windows\GeoOCX\WebCam\20141101\LiveX_8500.ocx
C:\Windows\GeoOCX\WebCam\201411
C:\Windows\system32\DSOUND.dll
C:\Users\win7\AppData\Local\Temp\pft2F0.tmp\Disk1\Setup.exe
C:\Users\win7\AppData\Local\Temp\pftC6C8.tmp\Disk1\Setup.exe
C:\Windows\system32\MSHTML.dll
C:\Users\win7\AppData\Local\Temp\is-IAKUM.tmp\isSlideShow.dll
C:\Users\win7\AppData\Local\Temp\is-77DOR.tmp\sample.tmp
C:\Users\win7\AppData\Local\Temp\b52eacea-fbfb-11e5-a469-0800270b3b33\Ninite.exe
C:\Users\win7\AppData\Local\Temp\is-3V1B6.tmp\sample.tmp
C:\Users\win7\AppData\Local\Temp\is-LJO9O.tmp\sample.tmp
C:\Users\win7\AppData\Local\Temp\is-J8KP6.tmp\b2p.dll
C:\Users\win7\AppData\Local\Temp\is-J8KP6.tmp\botva2.dll
C:\Windows\syswow64\SetupApi.dll
C:\Users\win7\AppData\Local\Temp\is-U057B.tmp\sample.tmp
C:\Windows\system32\riched20.dll
C:\Windows\system32\DINPUT.dll
C:\Users\win7\AppData\Local\Temp\is-NIR4R.tmp\sample.tmp
L
\sample
4
\
C:\Users\win7\AppData\Local\Temp\001250d7.a
C:\Users\win7\AppData\Local\Temp\GUM2F0.tmp\DropboxUpdate.exe
C:\Users\win7\AppData\Local\Temp\GUM2F0.tmp\goopdate.dll
C:\Users\win7\AppData\Local\Temp\is-GL7RS.tmp\sample.tmp
C:\Windows\SysWOW64\MSIEXEC.EXE
C:\Windows\SysWOW64\MsiHnd.dll
C:\Windows\SysWOW64\RICHED20.DLL
C:\Users\win7\AppData\Local\Temp\is-V27F6.tmp\sample.tmp
C:\Users\win7\AppData\Local\Temp\{df6db185-7fb4-4cc4-a144-2f6c0fb80716}\.ba1\wixstdba.dll
C:\Users\win7\AppData\Local\Temp\installer0.exe
C:\Windows\syswow64\Crypt32.dll
C:\Users\win7\AppData\Local\Temp\nssEA13.tmp\progress.dll
C:\Users\win7\AppData\Local\Temp\is-2V77D.tmp\sample.tmp
c:\313ade2d7ca93ca29788\update\update.exe
c:\313ade2d7ca93ca29788\update\
C:\Users\win7\AppData\Local\Temp\is-4KD6I.tmp\sample.tmp
C:\Windows\svchobst.exe
C:\Users\win7\AppData\Local\Temp\pftE678.tmp\LocalInstall.exe
C:\Users\win7\AppData\Local\Temp\_uninstall\_uninstall1536
C:\Users\win7\AppData\Local\Temp\is-CMCC1.tmp\sample.tmp
C:\Users\win7\AppData\Local\Temp\nswB2D8.tmp\GGExit.exe
C:\Users\win7\AppData\Local\Temp\{0d931f65-00ff-4fba-8569-6c1d016183a0}\.ba1\wixstdba.dll
C:\Users\win7\AppData\Local\Temp\is-PGAVR.tmp\sample.tmp
C:\Users\win7\AppData\Local\Temp\TGClientInst.exe
C:\Windows\system32\CRTDLL.DLL
C:\Users\win7\AppData\Local\Temp\is-9T4AH.tmp\sample.tmp
C:\Users\win7\AppData\Local\Adobe\DE1E5201-CB40-491C-9CBB-51ED1B410290\gtcheck.exe
C:\Users\win7\AppData\Local\Temp\is-AQ697.tmp\sample.tmp
C:\Users\win7\AppData\Local\Temp\is-UUTN1.tmp\sample.tmp
C:\Windows\SysWOW64\regsvr32.exe
}V@
C:\Windows\system32\DWMAPI.DLL
C:\Windows\system32\apphelp.dll
C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
C:\Windows\syswow64\CLBCatQ.DLL
C:\Windows\system32\windowscodecsext.dll
C:\Windows\system32\msls31.dll
C:\Windows\system32\ntmarta.dll
C:\Windows\system32\icm32.dll
C:\Windows\system32\mscms.dll
C:\Windows\system32\windowscodecs.dll
C:\Windows\system32\DWrite.dll
C:\Windows\system32\d2d1.dll
C:\Windows\system32\SXS.DLL
C:\Windows\system32\msimtf.dll
C:\Windows\system32\MLANG.dll
C:\Windows\System32\fwpuclnt.dll
C:\Windows\System32\winrnr.dll
C:\Windows\system32\pnrpnsp.dll
C:\Windows\system32\napinsp.dll
C:\Windows\System32\npmproxy.dll
C:\Windows\system32\dhcpcsvc.DLL
C:\Windows\system32\rasadhlp.dll
C:\Windows\system32\rsaenh.dll
C:\Windows\system32\CRYPTSP.dll
C:\Windows\System32\netprofm.dll
C:\Windows\system32\dhcpcsvc6.DLL
C:\Windows\system32\RpcRtRemote.dll
C:\Windows\System32\wshtcpip.dll
C:\Windows\System32\nlaapi.dll
C:\Windows\System32\wship6.dll
C:\Windows\system32\mswsock.dll
C:\Windows\system32\WINNSI.DLL
C:\Windows\system32\IPHLPAPI.DLL
C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
C:\Windows\system32\Secur32.dll
C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
C:\Windows\syswow64\psapi.dll
C:\Windows\syswow64\MSASN1.dll
C:\Windows\syswow64\WINTRUST.dll
C:\Windows\syswow64\WLDAP32.dll
C:\Users\win7\AppData\Local\Temp\{fb74531f-28c3-4dca-9849-e6b8faa85afe}\.ba1\BA_DLL.dll
C:\Users\win7\AppData\Local\Temp\is-KP5SB.tmp\isSlideShow.dll
C:\Users\win7\AppData\Local\Temp\is-MG237.tmp\sample.tmp
C:\Users\win7\AppData\Local\Temp\is-V2U7V.tmp\sample.tmp
C:\Users\win7\AppData\Local\Temp\6282d1bc-b581-489f-9e11-e6f8699c7bc0.dll
C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcm80.dll
C:\Users\win7\AppData\Local\Temp\is-LMTPP.tmp\sample.tmp
C:\Users\win7\AppData\Local\Temp\is-1HU4P.tmp\b2p.dll
C:\Users\win7\AppData\Local\Temp\is-1HU4P.tmp\botva2.dll
C:\Users\win7\AppData\Local\Temp\000c4b76.a
C:\Windows\system32\UIRibbon.dll
C:\Users\win7\AppData\Local\Temp\~vis0000\vise32ex.dll
C:\WBDJA44I.DLL
C:\Users\win7\AppData\Local\Temp\is-EHNM0.tmp\sample.tmp
C:\Users\win7\AppData\Local\Temp\_uninstall\_uninstall860
C:\Windows\SysWOW64\cmd.exe
C:\Users\win7\AppData\Local\Temp\amisetup5784_il1.exe
\Users\win7\AppData\Local\Temp\amisetup5784_il1.exe
Local\Temp\amisetup5784_il1.exe
C:\Users\win7\AppData\Local\Temp\GUM6D0C.tmp\DropboxUpdate.exe
C:\Users\win7\AppData\Local\Temp\GUM6D0C.tmp\goopdate.dll
C:\Windows\system32\input.dll
C:\Users\win7\AppData\Local\Temp\27H6H4JB\sample\plugins\0\CustomUI.dll
C:\Windows\SysWOW64\DUser.dll
C:\Users\win7\AppData\Local\Temp\dup2patcher.dll
C:\Windows\system32\credui.dll
c:\6c055abc11ad2eba29ab92cecb\e
c:\6c055abc11ad2eba29ab92cecb\epplauncher.exe
C:\Users\win7\AppData\Local\Temp\is-URLN5.tmp\sample.tmp
C:\Users\win7\AppData\Local\Temp\sample
C:\Users\win7\AppData\Local\Temp\SetupPro.dll
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48\GDIPLUS.DLL
C:\Users\win7\AppData\Local\Temp\befcicgjed.exe
C:\Users\win7\AppData\Local\Temp\nsh5EC1.tmp\OCSetupHlp.dll
C:\Windows\SysWOW64\svchost.exe
C:\Windows\system32\Connect.dll
C:\Users\win7\AppData\Local\Temp\7zS96B.tmp\setup-stub.exe
C:\Users\win7\AppData\Local\Temp\stkGsk9.exe
C:\Users\win7\AppData\Local\Temp\oeb2C93.tmp
C:\Users\win7\AppData\Local\Temp\is-CDE5R.tmp\sample.tmp
C:\Users\win7\AppData\Local\Temp\is-PP66L.tmp\sample.tmp
C:\Users\win7\AppData\Local\Temp\is-7U60B.tmp\sample.tmp
C:\Users\win7\AppData\Local\Temp\is-131SI.tmp\sample.tmp
C:\Users\win7\AppData\Local\Temp\is-8R6MI.tmp\botva2.dll
C:\Users\win7\AppData\Local\Temp\nsyFA36.tmp\g\gtapi_signed.DLL
C:\Users\win7\AppData\Local\Temp\nsyFA36.tmp\g\pfWWW.DLL
C:\Windows\SysWOW64\rundll32.ex
C:\Windows\SysWOW64\PROPSYS.dll
C:\Users\win7\baoaka.exe
C:\Users\win7\AppData\Local\Temp\is-OS3UK.tmp\sample.tmp
C:\Windows\system32\CRTDLL.dll
C:\Users\win7\AppData\Local\Temp\is-IV03H.tmp\sample.tmp
C:\Users\win7\AppData\Roaming\winlogon.exe
C:\Users\win7\AppData\Local\Temp\nsz5536.tmp\repair.exe
C:\Windows\system32\RASDLG.dll
C:\Windows\system32\msftedit.DLL
C:\Users\win7\AppData\Roaming\DATE.exe
C:\Users\win7\AppData\Roaming\svchost.exe
C:\Users\win7\AppData\Local\Temp\pft8FD4.tmp\inst.exe
c:\windows\system32\msvbvm60.DLL
C:\Users\win7\AppData\Local\Temp\{fa356f34-eef9-4655-aa8e-0eea851f3102}\.ba1\wixstdba.dll
C:\Users\win7\AppData\Local\Temp\{84cc4d51-23ee-42a3-af9f-43f332a362a2}\.ba1\wixstdba.dll
C:\Users\win7\AppData\Local\Temp\is-8EU0F.tmp\sample.tmp
C:\Users\win7\AppData\Local\Temp\{629A2788-43ED-4887-9AFA-A3F8699C7BC0}\Disk1\ISSetup.dll
C:\Users\win7\AppData\Local\Temp\{B85DEA05-E1C8-434C-B270-78F4CADEDFFF}\{7D916FA5-DAE9-4A25-B089-655C70EAF607}\InstallHelper.dll
C:\Users\win7\AppData\Local\Temp\{941026FD-CD36-4988-A81B-9B3B11755DDA}\Disk1\ISSetup.dll
C:\Users\win7\AppData\Local\Temp\{941026FD-CD36-4988-A81B-9B3B11755DDA}\_Setup.dll
C:\Users\win7\AppData\Local\Temp\{8BC43DD4-1DA0-4E52-89C0-3098264D9D60}\{99F351B0-E2CD-43E2-935F-256F1CF1348B}\ISRT.dll
C:\Users\win7\AppData\Local\Temp\befchjibed.exe
C:\Users\win7\AppData\Local\Temp\rnupdate0.exe
C:\Users\win7\AppData\Local\Temp\IPMx2\setup.exe
C:\Windows\SysWOW64\REGSVR32.EXE
C:\Users\win7\AppData\Local\Temp\is-3IUNU.tmp\setup.tmp.tmp
C:\Windows\system32\mscoree.DLL
C:\Users\win7\AppData\Local\Temp\GLK5F1F.tmp
C:\Users\win7\AppData\Local\Temp\GLC5CCB.tmp
C:\Windows\SysWOW64\wscript.exe
C:\Windows\system32\crtdll.dll
C:\Windows\system32\appwiz.cpl
C:\ProgramData\Short Lead\Change ground.exe
C:\Windows\SysWOW64\schtasks.exe
Precise Detectors Analysis Results
No Detector Result Received
Advance Heuristics
No Advanced Heuristic Analysis Result Received
Additional File Information
Property | Value |
---|
Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
---|