File: 1c3153624eb90c3b3ca274240460a9eaa4d53460edf69cba060ce920db6caffa
Metadata
| do.exe | |
| PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | 1039360 bytes |
| 2016-08-17 01:38:04 | |
| d45e131616e98f0d4c9663a766aec9a2 | |
| 52c0af4feb01648bb21bfcc6eeca3138c759a81c | |
| 1c3153624eb90c3b3ca274240460a9eaa4d53460edf69cba060ce920db6caffa | |
| 5be10244749aa0051edb453551cf9530cb91e600f7b26d16e5e940763a5c4386c8788351862f7d40f0db12f83f3a7b33bc29a89665c08195613a5e4b5933d0d9 | |
| 24576:0vrxhtyC+TXPbh8qvVNL66ivdlBcjpKi3CFCjDwyqFT2ImS:49LqPbh8qdNLhi1gpKiZDE2I | |
| f34d5f2d4577ed6d9ceec516c1f5a744 | |
| N/A | |
APTNotes
Cyber threat intelligence reports associated with 1c3153624eb90c3b3ca274240460a9eaa4d53460edf69cba060ce920db6caffa.
Cyber threat intelligence reports associated with 1c3153624eb90c3b3ca274240460a9eaa4d53460edf69cba060ce920db6caffa.
Domains
Domains the malware sample communicates with.
Domains the malware sample communicates with.
Hosts
Hosts the malware sample communicates with.
Hosts the malware sample communicates with.
HTTP Requests
HTTP requests the malware sample makes.
HTTP requests the malware sample makes.
AV Detections
AV detection names associated with the malware sample.
AV detection names associated with the malware sample.
| AVG | MSIL10.BADQ |
| AegisLab | Uds.Dangerousobject.Multi!c |
| AhnLab-V3 | Win-Trojan/FCN.140610 |
| Avast | MSIL:GenMalicious-AZQ [Trj] |
| Avira | TR/Dropper.MSIL.bsbf |
| Baidu | Win32.Trojan.WisdomEyes.151026.9950.9999 |
| DrWeb | Trojan.PWS.Stealer.16236 |
| ESET-NOD32 | a variant of MSIL/Injector.QAK |
| GData | Win32.Trojan-Spy.Heye.XB4CMU |
| K7GW | Trojan ( 004f5d371 ) |
| Kaspersky | Backdoor.Win32.Androm.klrk |
| McAfee | Artemis!D45E131616E9 |
| McAfee-GW-Edition | Artemis!Trojan |
| Qihoo-360 | Win32/Trojan.5f1 |
| Symantec | Heur.AdvML.C |
| TrendMicro-HouseCall | TROJ_GEN.R047H0DHG16 |
Mutants
Mutants created by the malware sample.
Mutants created by the malware sample.
Registry keys
Registry keys created by the malware sample.
Registry keys created by the malware sample.
| HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor |
| HKEY_CURRENT_USER\Software\Microsoft\Command Processor |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\LevelObjects |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
| {dda3f824-d8cb-441b-834d-be2efd2c1a33} |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\UrlZones |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\Paths |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\Hashes |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\UrlZones |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\Paths |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\Hashes |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\UrlZones |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Paths |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Hashes |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\UrlZones |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Hashes |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\UrlZones |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\UrlZones |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\Paths |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\Hashes |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\UrlZones |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\Paths |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\Hashes |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\UrlZones |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Paths |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Hashes |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\UrlZones |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Hashes |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\UrlZones |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot\Option |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Ole |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ComputerName |
| ActiveComputerName |
| HKEY_LOCAL_MACHINE\Software\Microsoft\COM3 |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004_Classes |
| HKEY_LOCAL_MACHINE\Software\Classes |
| \REGISTRY\USER |
| HKEY_LOCAL_MACHINE\Software\Classes\CLSID |
| CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24} |
| CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\TreatAs |
| \CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24} |
| \CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32 |
| \CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServerX86 |
| \CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\LocalServer32 |
| \CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocHandler32 |
| \CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocHandlerX86 |
| \CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\LocalServer |
| HKEY_CLASSES_ROOT\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24} |
| HKEY_CLASSES_ROOT\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\TreatAs |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\System\DNSclient |
| CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820} |
| CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\TreatAs |
| \CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820} |
| \CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\InprocServer32 |
| \CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\InprocServerX86 |
| \CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\LocalServer32 |
| \CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\InprocHandler32 |
| \CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\InprocHandlerX86 |
| \CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\LocalServer |
| \AppID\{8BC3F05E-D86B-11D0-A075-00C04FB68820} |
| HKEY_CLASSES_ROOT\Interface\{F309AD18-D86A-11D0-A075-00C04FB68820} |
| HKEY_CLASSES_ROOT\Interface\{F309AD18-D86A-11D0-A075-00C04FB68820}\ProxyStubClsid32 |
| CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} |
| CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\TreatAs |
| \CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} |
| \CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocServer32 |
| \CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocServerX86 |
| \CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\LocalServer32 |
| \CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocHandler32 |
| \CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocHandlerX86 |
| \CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\LocalServer |
| HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} |
| HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\TreatAs |
| HKEY_CLASSES_ROOT\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887} |
| HKEY_CLASSES_ROOT\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32 |
| HKEY_CLASSES_ROOT\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7} |
| HKEY_CLASSES_ROOT\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32 |
| CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA} |
| CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\TreatAs |
| \CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA} |
| \CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32 |
| \CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServerX86 |
| \CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\LocalServer32 |
| \CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler32 |
| \CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandlerX86 |
| \CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\LocalServer |
| HKEY_CLASSES_ROOT\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA} |
| HKEY_CLASSES_ROOT\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\TreatAs |
| HKEY_CLASSES_ROOT\Interface\{027947E1-D731-11CE-A357-000000000001} |
| HKEY_CLASSES_ROOT\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32 |
| CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD} |
| CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\TreatAs |
| \CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD} |
| \CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32 |
| \CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServerX86 |
| \CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\LocalServer32 |
| \CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler32 |
| \CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandlerX86 |
| \CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\LocalServer |
| HKEY_CLASSES_ROOT\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD} |
| HKEY_CLASSES_ROOT\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\TreatAs |
| HKEY_CLASSES_ROOT\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD} |
| HKEY_CLASSES_ROOT\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32 |
| HKEY_CLASSES_ROOT\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD} |
| HKEY_CLASSES_ROOT\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework |
| HKEY_CURRENT_USER\Software\Microsoft\.NETFramework\Policy\Standards |
| HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\Standards |
| HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\Standards\v2.0.50727 |
| HKEY_CURRENT_USER\Software\Microsoft\.NETFramework |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion |
| HKEY_CURRENT_USER\Software\Microsoft\Fusion |
| HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets |
| HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet |
| HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1547161642-507921405-839522115-1004 |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders |
| HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v2.0.50727\Security\Policy |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index42 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\3c74e9a9 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\3c74e9a9\1 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\319545b3\1 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\342d7a23\6b1062f3 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\52628d2e |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\52628d2e\2d |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\268e923b\24 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\3fcdfaca\10 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\7f729234\e |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\61a5c1bb\44 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\6abb48d8\39 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\643db07b\27 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\7949fb97\45 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\1d498232\8 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\67e63d5c\6 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\291a02d0\7 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6e9ac653\8 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\69db6748 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\69db6748\11 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2995e574\9 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\3914f670\25 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\4426ac2f\21 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\31de29a4\b |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Defaults\Provider Types\Type 001 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Offload |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa |
| HKEY_CLASSES_ROOT\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32 |
| HKEY_CLASSES_ROOT\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\Server |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\2845fdba\44038d61 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1547161642-507921405-839522115-1004\Installer\Assemblies\C:|DOCUME~1|User|LOCALS~1|Temp|FolderN|name.exe |
| HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|DOCUME~1|User|LOCALS~1|Temp|FolderN|name.exe |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|DOCUME~1|User|LOCALS~1|Temp|FolderN|name.exe |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1547161642-507921405-839522115-1004\Installer\Assemblies\Global |
| HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\Global |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\2845fdba\6f33bf52 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global |
| HKEY_CLASSES_ROOT\AppID\name.exe |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\JldkCk.dll |
| HKEY_CURRENT_USER\Software\Microsoft\PCHealth\ErrorReporting\DW\Debug |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Office\12.0\Common\Security |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Office\11.0\Common\InstallRoot |
| HKEY_CURRENT_USER\Software\Policies\Microsoft\Office |
| HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Office\12.0\Common\ProductVersion |
| HKEY_CURRENT_USER\Software\Microsoft\PCHealth\ErrorReporting\DW |
| HKEY_LOCAL_MACHINE\Software\Microsoft\PCHealth\ErrorReporting\DW |
| HKEY_LOCAL_MACHINE\Software\Microsoft\PCHealth\ErrorReporting\DW\Debug |
| HKEY_CURRENT_USER\Software\Policies\Microsoft\PCHealth\ErrorReporting\DW |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\PCHealth\ErrorReporting\DW |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\KnownManagedDebuggingDlls |
Comments
User comments about 1c3153624eb90c3b3ca274240460a9eaa4d53460edf69cba060ce920db6caffa.
User comments about 1c3153624eb90c3b3ca274240460a9eaa4d53460edf69cba060ce920db6caffa.
