Adware.Baidu

Por GoldSparrow em Adware

Traduzir Para:

Cartão de pontuação de ameaças

Popularity Rank:	2,794
Nível da Ameaça:	20 % (Normal)
Computadores infectados:	15,237

Visto pela Primeira Vez:	July 24, 2009
Visto pela Última Vez:	June 15, 2026
SO (s) Afetados:	Windows

O Adware.Baidu é um aplicativo de adware, criado para exibir anúncios popups. O Adware.Baidu é conhecido por ser instalado através de Trojans Downloaders e de drive-by downloads do Javascript. O Baidu está relacionado com um mecanismo de pesquisa de origem chinesa. O Adware.Baidu também é capaz de recolher e enviar informações sobre os seus padrões de navegação.

Índice

SpyHunter detecta e remove Adware.Baidu

Detalhes Sobre os Arquivos do Sistema

Adware.Baidu pode criar o(s) seguinte(s) arquivo(s):

Expandir todos | Recolher todos

#	Nome do arquivo	MD5	Detecções Detecções: O número de casos confirmados e suspeitos de uma determinada ameaça detectada nos computadores infectados conforme relatado pelo SpyHunter.
1.	TheMatrix.scr	0697fed1e358d6fd1c97e9d9db40ebdb	3,864
Nome: TheMatrix.scr MD5: 0697fed1e358d6fd1c97e9d9db40ebdb Tamanho: 551.42 KB (551424 bytes) Detecções: 3,864 Caminho: %WINDIR%\System32\TheMatrix.scr Grupo: Arquivo de malware Ultima Atualização: January 31, 2026
2.	bdupdate.exe	21e3ebc9aec62a5d2e1033594d6f13ab	3,705
Nome: bdupdate.exe MD5: 21e3ebc9aec62a5d2e1033594d6f13ab Tamanho: 503.53 KB (503536 bytes) Detecções: 3,705 Tipo: Executable File Caminho: %PROGRAMFILES(x86)%\baidu\baiduupdate\bdupdate.exe Grupo: Arquivo de malware Ultima Atualização: December 29, 2024
3.	A0109889.exe	08e09fb31437955849034d16a4594cc7	563
Nome: A0109889.exe MD5: 08e09fb31437955849034d16a4594cc7 Tamanho: 1.57 MB (1573608 bytes) Detecções: 563 Tipo: Executable File Caminho: C:\System Volume Information\_restore{11E002E6-0E6C-43C5-BFD4-9ACDB5CD6207}\RP241\A0109889.exe Grupo: Arquivo de malware Ultima Atualização: November 16, 2024
4.	TTPlayer.exe	74fa381b42e80712e8907740cfa1ef4f	90
Nome: TTPlayer.exe MD5: 74fa381b42e80712e8907740cfa1ef4f Tamanho: 2.78 MB (2787480 bytes) Detecções: 90 Tipo: Executable File Caminho: %PROGRAMFILES%\TTPlayer Grupo: Arquivo de malware Ultima Atualização: April 18, 2020
5.	TTPlayer.lnk	989275d50b9121699067c065f098f1a7	84
Nome: TTPlayer.lnk MD5: 989275d50b9121699067c065f098f1a7 Tamanho: 1.58 KB (1588 bytes) Detecções: 84 Tipo: Shortcut Caminho: %USERPROFILE%\Start Menu\Programs\Startup Grupo: Arquivo de malware Ultima Atualização: July 1, 2013
6.	winsys32_071106.dll	1285cdd314e057f7c758bbbd372bd563	0
Nome: winsys32_071106.dll MD5: 1285cdd314e057f7c758bbbd372bd563 Tamanho: 204.28 KB (204288 bytes) Detecções: 0 Tipo: Dynamic link library Grupo: Arquivo de malware Ultima Atualização: December 11, 2009
7.	scrsys16_071012.dll	fc97129c51349a568da1bed8d0b9b42a	0
Nome: scrsys16_071012.dll MD5: fc97129c51349a568da1bed8d0b9b42a Tamanho: 24.57 KB (24576 bytes) Detecções: 0 Tipo: Dynamic link library Grupo: Arquivo de malware Ultima Atualização: December 11, 2009
8.	winsys16_071106.dll, scrsys16_071106.dll	918a8d845cd3f72c66e9452395fda517	0
Nome: winsys16_071106.dll, scrsys16_071106.dll MD5: 918a8d845cd3f72c66e9452395fda517 Tamanho: 21.5 KB (21504 bytes) Detecções: 0 Tipo: Dynamic link library Grupo: Arquivo de malware Ultima Atualização: December 11, 2009

Arquivos Adicionais

Relatório de análise

Informação geral

Family Name:	Adware.Baidu
Signature status:	No Signature

Known Samples

MD5: b5d8b339f9fdd3c3b6200d3f4306e920

SHA1: a024030dc357bec0362e817ab0ac50e876f3edc0

Tamanho do Arquivo: 4.45 MB, 4447763 bytes

MD5: 09affa706c6d509a59f29e5fe0022027

SHA1: 3f6ab836a20b7e3336330017ab7a24dd5470f317

SHA256: 23ACFC0C1371C75A8FFD0CDCB142634750E469B986463C542D42B3B73823CC08

Tamanho do Arquivo: 212.68 KB, 212684 bytes

MD5: df27b0974d3b01f8bf5e0d4b34d5353b

SHA1: 530f7c20168f2fdafe58a64f9faadb9eedbcff36

SHA256: 14EB3AD6D359EC012F2AE0E8C58E83DB5EE5689BEA6F945D5166894F1B1F0B4E

Tamanho do Arquivo: 3.66 MB, 3659399 bytes

MD5: 86d942bf0577f24016a22c2995207f9c

SHA1: 5cc346c2bc7174195c60271f57008aea269e21c8

SHA256: A3AE019F3932E4FEFC6065AFC90BDC6DA0FFD85A222B4FDA9A98C5223DC9B10A

Tamanho do Arquivo: 562.17 KB, 562167 bytes

MD5: 4941b0f8ef6609f06bef23e8d95962a8

SHA1: 44df2a7fe3e0359af3a6e9374f2d0cb3bbd19b0b

SHA256: DF6AB41C130C846B9A91D2FAB0388BF48674DF057EFCE525DAB3FC67127E1AC4

Tamanho do Arquivo: 770.05 KB, 770048 bytes

MD5: 9fa77f83659dd190594eb3fcae48be3f

SHA1: d0165a9c9aa36818930f7ceda1a70f37f4ea9d66

SHA256: C731E37A2B626EA57005607C1CF8F0F692F8D1C81DC66E8178322169A6EC38ED

Tamanho do Arquivo: 589.82 KB, 589824 bytes

MD5: b061634fa8c0c97d8849859007151b26

SHA1: 8f010cf8f1dd4b7c920616b7727c687055bac0db

SHA256: C6589774311A25E2C556DE2DB03B48D2D54CCC6F477AD95518B313EBF8F54136

Tamanho do Arquivo: 1.03 MB, 1030184 bytes

MD5: d1cd9c5a6ef0484655850ca88ac968ba

SHA1: da37d117eac37e59039471c8303b871e161fb75b

SHA256: 1BA5E81577EF022D5937DDDC5E19264D270434CCA8F98818DCD5E39C4A8A2A73

Tamanho do Arquivo: 1.05 MB, 1048576 bytes

MD5: 7f4cd3deadfd29e2642e7b0d8016c8dd

SHA1: 64e2da9ad744861d4d1d652cdaa9f268e57989c9

SHA256: 9842EACD107740C2749FB16D2F4D343E35764335220EB8D340C05E3763FDB88D

Tamanho do Arquivo: 531.91 KB, 531912 bytes

MD5: 2c5d1ffde9b5e1620bdd047d983e8572

SHA1: 019e95f1ff4b1244fa249d2af765fec47644509b

SHA256: 289F116AEAA49E4966B84E9ADB9A16D6B90B0C143AFED318EBA3ABCD685F24BD

Tamanho do Arquivo: 3.87 MB, 3866624 bytes

MD5: 06af7bcefe91cb2fff546bbe20cb50e8

SHA1: 2d05103f23e27f0486b9a7b79683a4b33315d172

SHA256: 63FC09D87FF7BE41B34A672A1467E78E7E6AF6C47694EC7EB52ED45DE2111793

Tamanho do Arquivo: 2.46 MB, 2456720 bytes

MD5: 6a39703fe57c66d14346e048c9a53415

SHA1: 2e117fb89de4c279848ef865c4f57f036209c2e5

SHA256: 2CB5D1D5E95E43B946E614DB76B024C19E5005F1CAF2EF1FDA9F8589E91F5FAC

Tamanho do Arquivo: 7.34 MB, 7340032 bytes

MD5: d46078b98b30a61715c2d904da7bed3e

SHA1: 2c780ff968fa5d3b448ff907464a9e7d1d7d7e90

SHA256: 175D9589503061D36D98CCD3D0904D81BADFB3749DF72E89245B59D56C225179

Tamanho do Arquivo: 124.00 KB, 124002 bytes

MD5: 2c9d4e7ca8b9afad781a11e25fed82e6

SHA1: 1f7067dcf046a5553b3abffd150c5e242868dc98

SHA256: 9961720B6708C08FA2BA20002E85EFF5854E39FD46E583A485883C49250824B5

Tamanho do Arquivo: 548.04 KB, 548043 bytes

MD5: 3ced81f806d207bad984f0eb9e77576d

SHA1: 5098d2dab62d36f4a751574157145cb1a16b7603

SHA256: 2CB6CADFFE86C6D4455969F141A919A149F7C4017028A7ABB600B5E3D4246E54

Tamanho do Arquivo: 3.06 MB, 3064432 bytes

MD5: b9a90a4ff008c85466b6b3f93961b6ba

SHA1: bdbd7db2dfc8a84de9580a40c821b339d999e1ec

SHA256: C7041C4D491D87749ECAEE496D1D24E9A59211AE5418FAE188C2EC09E48900E8

Tamanho do Arquivo: 607.70 KB, 607700 bytes

MD5: 5aee39ad455f932a92e290b1141c7861

SHA1: df33e730085bdd37a7f1c740c0dfe180fab2d9ab

SHA256: 6B6867040C45A9A1D02EE1FC66C8B5AE2EF5CC8CFAE70AC5E11DD1CE1092FF95

Tamanho do Arquivo: 480.09 KB, 480088 bytes

MD5: 7458cefd08ab7520da1bf0cb8214f716

SHA1: e48f5867fc9bd7214af633589c09f8cffaaf654a

SHA256: 91B59343F335A116085786AE3F7E251E20A93F77ACAB0B0C877FD942AA87E849

Tamanho do Arquivo: 653.50 KB, 653498 bytes

MD5: a4d62c2688e91ee37876514ea63d0d55

SHA1: e84c45d49525107c4ff3dbd7da04e651fa6c2e6e

SHA256: 1C7AC6CB7611F2BBEE71E129A4663D20AC810867976591AF8BE3372747EF4811

Tamanho do Arquivo: 455.34 KB, 455336 bytes

MD5: 9a07643549a08550e262f3c49b651898

SHA1: efa3cfc7c92b6acc4909707229c43961f6b646de

SHA256: 34036F2F52A2065AA1EF3F709B1EFA0C2F9FB69012371EE6A20FB8FA7ABBFD6E

Tamanho do Arquivo: 4.41 MB, 4407296 bytes

MD5: 50bcdff390467d070902d131fafa287c

SHA1: 0f7075f6f962d3a7a45942752d5ea39038044e64

SHA256: C02974D0F56EBCCD620643EAB3B98BE5DE8082D28784FCCC04B7EFAD7D5DDAB3

Tamanho do Arquivo: 2.11 MB, 2110152 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File has been packed
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)

File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Nome	Valor
Channel Name	{ChannelName need to be replaced!}
Comments	BaiduYunguanjia Installer For additional details, visit PortableApps.com Format Factory Media Tools 超级兔子是一款拥有超过10年历史的老牌计算机功能辅助软件，它能帮助用户轻松辨别硬件真伪、安装硬件驱动、安装系统补丁及软件升级、优化系统、提升电脑速度、清除系统垃圾、保护IE安全、屏蔽广告弹窗、清理流氓软件……真正让用户打造属于自己的安全系统。
Company Name	Baidu Baidu, Inc. Baidu.com, Inc. Cai Xuan Free Time FunGame Co., Ltd. PortableApps.com 百度在线网络技术（北京）有限公司
File Description	Baidu Antivirus Uninstall BaiduPlayer Setup BaiduYunguanjia Installer Format Factory Video/Audio/Picture Converter FunGame's Install Program WuDeQian xpy Portable 百度网盘AI修图百度软件中心助手安装程序超级兔子安装程序
File Version	2008.4.24 2008.3.11 12.2.4.0 8.4.5.103 8.2.5.103 8.2.1.102 8.1.9.101 7.61.0.105 7.60.5.106 7.57.0.102 Show More 7.50.0.132 4.4.4.78690 3.14.3 3.6.0.0 1.3.8.0 1.3.0.417 1.0.25.66 1.0.0.240
Internal Name	xpy Portable
Legal Copyright	Baidu. All rights reserved. Copyright (C) 2000-2014 Copyright (C) 2013 Baidu, Inc. All Rights Reserved. Copyright (C) 2013 Baidu Inc. Copyright (c) Baidu Company Copyright © 2026 Baidu. All rights reserved. Format Factory PortableApps.com Installer Copyright 2007-2014 PortableApps.com. 超级兔子
Legal Trademarks	Baidu Format Factory Application is a trademark of FreeTime PortableApps.com is a registered trademark of Rare Ideas, LLC.
Original Filename	xpyPortable_1.3.8.paf.exe
Portable Apps.com App I D	xpyPortable
Portable Apps.com Format Version	3.0.10
Portable Apps.com Installer Version	3.0.10.0
Product Name	Baidu Antivirus BaiduPlayer Setup BaiduYunguanjia Installer Application Format Factory FunGame NetdiskAIPhoto normal SOFT Super Rabbit 2011 xpy Portable Show More 百度软件中心助手
Product Version	4.4.4.78690 3.14.3 3.6.0.0 1.3.8.0 1.3.0.417 1.0.25.66 1.0.0.240

Digital Signatures

Signer	Root	Status
Beijing baidu Netcom science and technology co.ltd	Class 3 Public Primary Certification Authority	Root Not Trusted
Beijing Duyou Science and Technology Co.,Ltd.	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Self Signed
Baidu (China) Co., Ltd.	GlobalSign Root CA	Root Not Trusted
Rare Ideas, LLC	UTN-USERFirst-Object	Root Not Trusted
Baidu Online Network Technology (Beijing) Co., Ltd.	VeriSign Class 3 Code Signing 2009-2 CA	Root Not Trusted

Baidu Online Network Technology (Beijing)Co., Ltd

VeriSign Class 3 Code Signing 2010 CA

Self Signed

File Traits

Installer Manifest
nosig nsis
Nullsoft Installer
x86

Block Information

Similar Families

Agent.XCO
Danabot.RA
Danabot.RB
Trojan.Injector.Gen.GOP

Files Modified

File	Attributes
\device\namedpipe\gmdasllogger	Generic Write,Read Attributes
c:\program files (x86)\common files\installshield\professional\runtime\10\00\intel32\cto6339.tmp	Generic Write,Read Attributes
c:\program files (x86)\common files\installshield\professional\runtime\10\00\intel32\cto6339.tmp	Synchronize,Write Attributes
c:\program files (x86)\common files\installshield\professional\runtime\10\00\intel32\ctor.dll	Synchronize,Write Data
c:\program files (x86)\common files\installshield\professional\runtime\10\00\intel32\dot62cb.tmp	Generic Write,Read Attributes
c:\program files (x86)\common files\installshield\professional\runtime\10\00\intel32\dot62cb.tmp	Synchronize,Write Attributes
c:\program files (x86)\common files\installshield\professional\runtime\10\00\intel32\dotnetinstaller.exe	Synchronize,Write Data
c:\program files (x86)\common files\installshield\professional\runtime\10\00\intel32\igdi.dll	Synchronize,Write Data
c:\program files (x86)\common files\installshield\professional\runtime\10\00\intel32\ike623d.tmp	Generic Write,Read Attributes
c:\program files (x86)\common files\installshield\professional\runtime\10\00\intel32\ike623d.tmp	Synchronize,Write Attributes

c:\program files (x86)\common files\installshield\professional\runtime\10\00\intel32\ikernel.dll	Synchronize,Write Data
c:\program files (x86)\common files\installshield\professional\runtime\10\00\intel32\isc6398.tmp	Generic Write,Read Attributes
c:\program files (x86)\common files\installshield\professional\runtime\10\00\intel32\isc6398.tmp	Synchronize,Write Attributes
c:\program files (x86)\common files\installshield\professional\runtime\10\00\intel32\iscript.dll	Synchronize,Write Data
c:\program files (x86)\common files\installshield\professional\runtime\10\00\intel32\isp5e5f.tmp\setup.dll	Synchronize,Write Data
c:\program files (x86)\common files\installshield\professional\runtime\10\00\intel32\isp5e5f.tmp\temp.000	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\common files\installshield\professional\runtime\10\00\intel32\isp6027.tmp\igdi.dll	Synchronize,Write Attributes
c:\program files (x86)\common files\installshield\professional\runtime\10\00\intel32\isp6027.tmp\igdi.dll	Synchronize,Write Data
c:\program files (x86)\common files\installshield\professional\runtime\10\00\intel32\isp6027.tmp\temp.000	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\common files\installshield\professional\runtime\10\00\intel32\ius63f7.tmp	Generic Write,Read Attributes
c:\program files (x86)\common files\installshield\professional\runtime\10\00\intel32\ius63f7.tmp	Synchronize,Write Attributes
c:\program files (x86)\common files\installshield\professional\runtime\10\00\intel32\iuser.dll	Synchronize,Write Data
c:\program files (x86)\common files\installshield\professional\runtime\10\00\intel32\set5e6f.tmp	Generic Write,Read Attributes
c:\program files (x86)\common files\installshield\professional\runtime\10\00\intel32\setup.dll	Synchronize,Write Data
c:\program files (x86)\common files\installshield\professional\runtime\ikernel.rgs	Generic Write,Read Attributes
c:\program files (x86)\common files\installshield\professional\runtime\ikernel.rgs	Synchronize,Write Attributes
c:\program files (x86)\common files\installshield\professional\runtime\isp6446.tmp	Generic Write,Read Attributes
c:\program files (x86)\common files\installshield\professional\runtime\isp6446.tmp	Synchronize,Write Attributes
c:\program files (x86)\common files\installshield\professional\runtime\isprobe.tlb	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\common files\installshield\professional\runtime\obj64a5.tmp	Generic Write,Read Attributes
c:\program files (x86)\common files\installshield\professional\runtime\obj64a5.tmp	Synchronize,Write Attributes
c:\program files (x86)\common files\installshield\professional\runtime\objectps.dll	Synchronize,Write Data
c:\users\user\appdata\local\temp\6793.rra	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\_se6096.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\bye5b6f.tmp\disk1\data1.cab	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\bye5b6f.tmp\disk1\data1.hdr	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\bye5b6f.tmp\disk1\engine32.cab	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\bye5b6f.tmp\disk1\layout.bin	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\bye5b6f.tmp\disk1\setup.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\bye5b6f.tmp\disk1\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\bye5b6f.tmp\disk1\setup.ibt	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\bye5b6f.tmp\disk1\setup.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\bye5b6f.tmp\disk1\setup.inx	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\igd6047.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\isp6016.tmp\_setup.dll	Synchronize,Write Data
c:\users\user\appdata\local\temp\isp6016.tmp\temp.000	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\ispackfiles.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\iss5d54.tmp\setup.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsa61b2.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsabb38.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsb2359.tmp\brandingurl.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb2359.tmp\installoptions.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb2359.tmp\iospecial.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsb2359.tmp\iospecial.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb2359.tmp\modern-header.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb2359.tmp\modern-wizard.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb2359.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb2359.tmp\tooltips.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nse1fce.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsg7076.tmp\inst\btn_fold.png	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg7076.tmp\inst\btn_ok.png	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg7076.tmp\inst\btn_unfold.png	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg7076.tmp\inst\check.png	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg7076.tmp\inst\close.png	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg7076.tmp\inst\install.ico	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg7076.tmp\inst\logo.png	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg7076.tmp\inst\main_bg.png	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg7076.tmp\inst\main_bg_custom.png	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg7076.tmp\inst\main_bg_finish.png	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg7076.tmp\inst\main_bg_install.png	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg7076.tmp\inst\main_instbtn.png	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg7076.tmp\inst\main_selpath.png	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg7076.tmp\inst\min.png	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg7076.tmp\inst\progress_bg.png	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg7076.tmp\inst\progress_pos.png	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg7076.tmp\inst\skin.txt	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg7076.tmp\nsskinengine.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsgbd7a.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsi5d8.tmp\modern-wizard.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsi5d8.tmp\modern-wizard.bmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsi5d8.tmp\nsdialogs.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsi5d8.tmp\stdutils.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsi5d8.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsi5d8.tmp\uac.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsia8ee.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nskbbc5.tmp\installhelper.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsofde3.tmp\langdll.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsp60d7.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsq61c3.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsq61c3.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsq61c3.tmp\system.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsra757.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsu56ec.tmp\drwsetup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsub992.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsvbd8a.tmp\installoptions.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsvbd8a.tmp\iospecial.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsvbd8a.tmp\iospecial.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsvbd8a.tmp\modern-header.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsvbd8a.tmp\modern-wizard.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsvbd8a.tmp\nsskinengine.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsvbd8a.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsxa94c.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsxa94c.tmp\unimage.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsxa94c.tmp\unimage.bmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsyfdd2.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsz204c.tmp\buttonlinker.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsz204c.tmp\installoptions.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsz204c.tmp\iospecial.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsz204c.tmp\iospecial.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsz204c.tmp\modern-header.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsz204c.tmp\modern-wizard.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsz204c.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~nsu.tmp\au_.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\~nsua.tmp\un_a.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\roaming\baidu\baidurjdownloader1.3\1.3.0.417\20000801.xml	Generic Write,Read Attributes
c:\users\user\appdata\roaming\baidu\baidurjdownloader1.3\1.3.0.417\aladdinassistant.exe	Generic Write,Read Attributes
c:\users\user\appdata\roaming\baidu\baidurjdownloader1.3\1.3.0.417\basic.dll	Generic Write,Read Attributes
c:\users\user\appdata\roaming\baidu\baidurjdownloader1.3\1.3.0.417\bdminidlupdate.exe	Generic Write,Read Attributes
c:\users\user\appdata\roaming\baidu\baidurjdownloader1.3\1.3.0.417\bugreport.exe	Generic Write,Read Attributes
c:\users\user\appdata\roaming\baidu\baidurjdownloader1.3\1.3.0.417\dl.dll	Generic Write,Read Attributes
c:\users\user\appdata\roaming\baidu\baidurjdownloader1.3\1.3.0.417\drivermanager.dll	Generic Write,Read Attributes
c:\users\user\appdata\roaming\baidu\baidurjdownloader1.3\1.3.0.417\drivers\bd0001.sys	Generic Write,Read Attributes
c:\users\user\appdata\roaming\baidu\baidurjdownloader1.3\1.3.0.417\drivers\bd0004.sys	Generic Write,Read Attributes
c:\users\user\appdata\roaming\baidu\baidurjdownloader1.3\1.3.0.417\drivers\bd64_x64.dll	Generic Write,Read Attributes
c:\users\user\appdata\roaming\baidu\baidurjdownloader1.3\1.3.0.417\drivers\bd64_x86.dll	Generic Write,Read Attributes
c:\users\user\appdata\roaming\baidu\baidurjdownloader1.3\1.3.0.417\drivers\bdarkit.sys	Generic Write,Read Attributes
c:\users\user\appdata\roaming\baidu\baidurjdownloader1.3\1.3.0.417\drivers\bdmwrench.sys	Generic Write,Read Attributes
c:\users\user\appdata\roaming\baidu\baidurjdownloader1.3\1.3.0.417\iebdsofthelperplug.dll	Generic Write,Read Attributes
c:\users\user\appdata\roaming\baidu\baidurjdownloader1.3\1.3.0.417\image\back.png	Generic Write,Read Attributes
c:\users\user\appdata\roaming\baidu\baidurjdownloader1.3\1.3.0.417\image\checkbox.png	Generic Write,Read Attributes
c:\users\user\appdata\roaming\baidu\baidurjdownloader1.3\1.3.0.417\image\checkbox_.png	Generic Write,Read Attributes
c:\users\user\appdata\roaming\baidu\baidurjdownloader1.3\1.3.0.417\image\close.png	Generic Write,Read Attributes
c:\users\user\appdata\roaming\baidu\baidurjdownloader1.3\1.3.0.417\image\config.png	Generic Write,Read Attributes
c:\users\user\appdata\roaming\baidu\baidurjdownloader1.3\1.3.0.417\image\defaultlogo.png	Generic Write,Read Attributes
c:\users\user\appdata\roaming\baidu\baidurjdownloader1.3\1.3.0.417\image\error.png	Generic Write,Read Attributes
c:\users\user\appdata\roaming\baidu\baidurjdownloader1.3\1.3.0.417\image\loading.png	Generic Write,Read Attributes
c:\users\user\appdata\roaming\baidu\baidurjdownloader1.3\1.3.0.417\image\logo.png	Generic Write,Read Attributes
c:\users\user\appdata\roaming\baidu\baidurjdownloader1.3\1.3.0.417\image\mainbnd.png	Generic Write,Read Attributes
c:\users\user\appdata\roaming\baidu\baidurjdownloader1.3\1.3.0.417\image\min.png	Generic Write,Read Attributes
c:\users\user\appdata\roaming\baidu\baidurjdownloader1.3\1.3.0.417\image\progressbar_bk.png	Generic Write,Read Attributes
c:\users\user\appdata\roaming\baidu\baidurjdownloader1.3\1.3.0.417\image\white.png	Generic Write,Read Attributes
c:\users\user\appdata\roaming\baidu\baidurjdownloader1.3\1.3.0.417\microsoft.vc80.atl\atl80.dll	Generic Write,Read Attributes
c:\users\user\appdata\roaming\baidu\baidurjdownloader1.3\1.3.0.417\microsoft.vc80.atl\microsoft.vc80.atl.manifest	Generic Write,Read Attributes
c:\users\user\appdata\roaming\baidu\baidurjdownloader1.3\1.3.0.417\microsoft.vc80.crt\microsoft.vc80.crt.manifest	Generic Write,Read Attributes
c:\users\user\appdata\roaming\baidu\baidurjdownloader1.3\1.3.0.417\microsoft.vc80.crt\msvcm80.dll	Generic Write,Read Attributes
c:\users\user\appdata\roaming\baidu\baidurjdownloader1.3\1.3.0.417\microsoft.vc80.crt\msvcp80.dll	Generic Write,Read Attributes
c:\users\user\appdata\roaming\baidu\baidurjdownloader1.3\1.3.0.417\microsoft.vc80.crt\msvcr80.dll	Generic Write,Read Attributes
c:\users\user\appdata\roaming\baidu\baidurjdownloader1.3\1.3.0.417\mindownload.ico	Generic Write,Read Attributes
c:\users\user\appdata\roaming\baidu\baidurjdownloader1.3\1.3.0.417\npbdsofthelperplug.dll	Generic Write,Read Attributes
c:\users\user\appdata\roaming\baidu\baidurjdownloader1.3\1.3.0.417\priproxy.exe	Generic Write,Read Attributes
c:\users\user\appdata\roaming\baidu\baidurjdownloader1.3\1.3.0.417\protocol.dll	Generic Write,Read Attributes
c:\users\user\appdata\roaming\baidu\baidurjdownloader1.3\1.3.0.417\report.dll	Generic Write,Read Attributes
c:\users\user\appdata\roaming\baidu\baidurjdownloader1.3\1.3.0.417\uninstaller.exe	Generic Write,Read Attributes
c:\users\user\appdata\roaming\baidu\baidurjdownloader1.3\1.3.0.417\x64	Synchronize,Write Attributes
c:\users\user\appdata\roaming\baidu\baidurjdownloader1.3\1.3.0.417\x64\drivers	Synchronize,Write Attributes
c:\users\user\appdata\roaming\baidu\baidurjdownloader1.3\1.3.0.417\x64\drivers\bd0001.sys	Generic Write,Read Attributes
c:\users\user\appdata\roaming\baidu\baidurjdownloader1.3\1.3.0.417\x64\drivers\bd0001.sys	Synchronize,Write Attributes
c:\users\user\appdata\roaming\baidu\baidurjdownloader1.3\1.3.0.417\x64\drivers\bd0004.sys	Generic Write,Read Attributes
c:\users\user\appdata\roaming\baidu\baidurjdownloader1.3\1.3.0.417\x64\drivers\bd0004.sys	Synchronize,Write Attributes
c:\users\user\appdata\roaming\baidu\baidurjdownloader1.3\1.3.0.417\x64\drivers\bd64_x64.dll	Generic Write,Read Attributes
c:\users\user\appdata\roaming\baidu\baidurjdownloader1.3\1.3.0.417\x64\drivers\bd64_x64.dll	Synchronize,Write Attributes
c:\users\user\appdata\roaming\baidu\baidurjdownloader1.3\1.3.0.417\x64\drivers\bd64_x86.dll	Generic Write,Read Attributes
c:\users\user\appdata\roaming\baidu\baidurjdownloader1.3\1.3.0.417\x64\drivers\bd64_x86.dll	Synchronize,Write Attributes
c:\users\user\appdata\roaming\baidu\baidurjdownloader1.3\1.3.0.417\x64\drivers\bdarkit.sys	Generic Write,Read Attributes
c:\users\user\appdata\roaming\baidu\baidurjdownloader1.3\1.3.0.417\x64\drivers\bdarkit.sys	Synchronize,Write Attributes
c:\users\user\appdata\roaming\baidu\baidurjdownloader1.3\1.3.0.417\x64\drivers\bdmwrench.sys	Generic Write,Read Attributes
c:\users\user\appdata\roaming\baidu\baidurjdownloader1.3\1.3.0.417\x64\drivers\bdmwrench.sys	Synchronize,Write Attributes
c:\users\user\appdata\roaming\baidu\baidurjdownloader1.3\1.3.0.417\x86	Synchronize,Write Attributes
c:\users\user\appdata\roaming\baidu\baidurjdownloader1.3\1.3.0.417\x86\drivers	Synchronize,Write Attributes
c:\users\user\appdata\roaming\baidu\baidurjdownloader1.3\1.3.0.417\x86\drivers\bd0001.sys	Generic Write,Read Attributes
c:\users\user\appdata\roaming\baidu\baidurjdownloader1.3\1.3.0.417\x86\drivers\bd0001.sys	Synchronize,Write Attributes
c:\users\user\appdata\roaming\baidu\baidurjdownloader1.3\1.3.0.417\x86\drivers\bd0004.sys	Generic Write,Read Attributes
c:\users\user\appdata\roaming\baidu\baidurjdownloader1.3\1.3.0.417\x86\drivers\bd0004.sys	Synchronize,Write Attributes
c:\users\user\appdata\roaming\baidu\baidurjdownloader1.3\1.3.0.417\x86\drivers\bdarkit.sys	Generic Write,Read Attributes
c:\users\user\appdata\roaming\baidu\baidurjdownloader1.3\1.3.0.417\x86\drivers\bdarkit.sys	Synchronize,Write Attributes
c:\users\user\appdata\roaming\baidu\baidurjdownloader1.3\1.3.0.417\x86\drivers\bdmwrench.sys	Generic Write,Read Attributes
c:\users\user\appdata\roaming\baidu\baidurjdownloader1.3\1.3.0.417\x86\drivers\bdmwrench.sys	Synchronize,Write Attributes
c:\users\user\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3119368278-1123331430-659265220-1001\05142823b0f8a9b87ae059162bfb4b1b_bfeb5820-9643-42ad-a79f-071dff4d8e64	Generic Write,Read Attributes

Registry Modifications

Key::Value	Dados	API Name
HKLM\software\classes\wow6432node\clsid\{f4817e4b-04b6-11d3-8862-00c04f72f303}\inprocserver32::	C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{f4817e4b-04b6-11d3-8862-00c04f72f303}\inprocserver32::threadingmodel	Both	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{f4817e4b-04b6-11d3-8862-00c04f72f303}::	PSFactoryBuffer	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{f4817e4b-04b6-11d3-8862-00c04f72f303}\proxystubclsid32::	{F4817E4B-04B6-11D3-8862-00C04F72F303}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{f4817e4b-04b6-11d3-8862-00c04f72f303}::	ISetupServiceProvider	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{f4817e4b-04b6-11d3-8862-00c04f72f303}\nummethods::	6	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{9b697780-dbbc-11d2-80c7-00104b1f6cea}\proxystubclsid32::	{F4817E4B-04B6-11D3-8862-00C04F72F303}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{9b697780-dbbc-11d2-80c7-00104b1f6cea}::	ISetupObjectClass	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{9b697780-dbbc-11d2-80c7-00104b1f6cea}\nummethods::	5	RegNtPreCreateKey
HKLM\software\classes\typelib\{94636247-bc39-4b8b-a728-2d1fbebfa76a}\1.0::	InstallShield DevStudio Setup Kernel	RegNtPreCreateKey

HKLM\software\classes\typelib\{94636247-bc39-4b8b-a728-2d1fbebfa76a}\1.0\flags::	0	RegNtPreCreateKey
HKLM\software\classes\typelib\{94636247-bc39-4b8b-a728-2d1fbebfa76a}\1.0\0\win32::	C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\IsProBE.tlb	RegNtPreCreateKey
HKLM\software\classes\typelib\{94636247-bc39-4b8b-a728-2d1fbebfa76a}\1.0\helpdir::	C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{aa7e2068-cb55-11d2-8094-00104b1f9838}::	ISetupTransferEvents	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{aa7e2068-cb55-11d2-8094-00104b1f9838}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{aa7e2068-cb55-11d2-8094-00104b1f9838}\typelib::	{94636247-BC39-4B8B-A728-2D1FBEBFA76A}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{aa7e2068-cb55-11d2-8094-00104b1f9838}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\interface\{aa7e2068-cb55-11d2-8094-00104b1f9838}::	ISetupTransferEvents	RegNtPreCreateKey
HKLM\software\classes\interface\{aa7e2068-cb55-11d2-8094-00104b1f9838}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\interface\{aa7e2068-cb55-11d2-8094-00104b1f9838}\typelib::	{94636247-BC39-4B8B-A728-2D1FBEBFA76A}	RegNtPreCreateKey
HKLM\software\classes\interface\{aa7e2068-cb55-11d2-8094-00104b1f9838}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{aa7e2066-cb55-11d2-8094-00104b1f9838}::	ISetupFeature	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{aa7e2066-cb55-11d2-8094-00104b1f9838}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{aa7e2066-cb55-11d2-8094-00104b1f9838}\typelib::	{94636247-BC39-4B8B-A728-2D1FBEBFA76A}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{aa7e2066-cb55-11d2-8094-00104b1f9838}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\interface\{aa7e2066-cb55-11d2-8094-00104b1f9838}::	ISetupFeature	RegNtPreCreateKey
HKLM\software\classes\interface\{aa7e2066-cb55-11d2-8094-00104b1f9838}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\interface\{aa7e2066-cb55-11d2-8094-00104b1f9838}\typelib::	{94636247-BC39-4B8B-A728-2D1FBEBFA76A}	RegNtPreCreateKey
HKLM\software\classes\interface\{aa7e2066-cb55-11d2-8094-00104b1f9838}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{cc096170-e2cb-11d2-80c8-00104b1f6cea}::	ISetupBasicFeature	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{cc096170-e2cb-11d2-80c8-00104b1f6cea}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{cc096170-e2cb-11d2-80c8-00104b1f6cea}\typelib::	{94636247-BC39-4B8B-A728-2D1FBEBFA76A}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{cc096170-e2cb-11d2-80c8-00104b1f6cea}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\interface\{cc096170-e2cb-11d2-80c8-00104b1f6cea}::	ISetupBasicFeature	RegNtPreCreateKey
HKLM\software\classes\interface\{cc096170-e2cb-11d2-80c8-00104b1f6cea}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\interface\{cc096170-e2cb-11d2-80c8-00104b1f6cea}\typelib::	{94636247-BC39-4B8B-A728-2D1FBEBFA76A}	RegNtPreCreateKey
HKLM\software\classes\interface\{cc096170-e2cb-11d2-80c8-00104b1f6cea}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{8c3c1b11-e59d-11d2-b40b-00a024b9dddd}::	ISetupFeatureLog	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{8c3c1b11-e59d-11d2-b40b-00a024b9dddd}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{8c3c1b11-e59d-11d2-b40b-00a024b9dddd}\typelib::	{94636247-BC39-4B8B-A728-2D1FBEBFA76A}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{8c3c1b11-e59d-11d2-b40b-00a024b9dddd}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\interface\{8c3c1b11-e59d-11d2-b40b-00a024b9dddd}::	ISetupFeatureLog	RegNtPreCreateKey
HKLM\software\classes\interface\{8c3c1b11-e59d-11d2-b40b-00a024b9dddd}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\interface\{8c3c1b11-e59d-11d2-b40b-00a024b9dddd}\typelib::	{94636247-BC39-4B8B-A728-2D1FBEBFA76A}	RegNtPreCreateKey
HKLM\software\classes\interface\{8c3c1b11-e59d-11d2-b40b-00a024b9dddd}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{8c3c1b13-e59d-11d2-b40b-00a024b9dddd}::	ISetupFeatureLogs	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{8c3c1b13-e59d-11d2-b40b-00a024b9dddd}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{8c3c1b13-e59d-11d2-b40b-00a024b9dddd}\typelib::	{94636247-BC39-4B8B-A728-2D1FBEBFA76A}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{8c3c1b13-e59d-11d2-b40b-00a024b9dddd}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\interface\{8c3c1b13-e59d-11d2-b40b-00a024b9dddd}::	ISetupFeatureLogs	RegNtPreCreateKey
HKLM\software\classes\interface\{8c3c1b13-e59d-11d2-b40b-00a024b9dddd}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\interface\{8c3c1b13-e59d-11d2-b40b-00a024b9dddd}\typelib::	{94636247-BC39-4B8B-A728-2D1FBEBFA76A}	RegNtPreCreateKey
HKLM\software\classes\interface\{8c3c1b13-e59d-11d2-b40b-00a024b9dddd}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{8c3c1b12-e59d-11d2-b40b-00a024b9dddd}::	ISetupOpSequence	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{8c3c1b12-e59d-11d2-b40b-00a024b9dddd}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{8c3c1b12-e59d-11d2-b40b-00a024b9dddd}\typelib::	{94636247-BC39-4B8B-A728-2D1FBEBFA76A}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{8c3c1b12-e59d-11d2-b40b-00a024b9dddd}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\interface\{8c3c1b12-e59d-11d2-b40b-00a024b9dddd}::	ISetupOpSequence	RegNtPreCreateKey
HKLM\software\classes\interface\{8c3c1b12-e59d-11d2-b40b-00a024b9dddd}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\interface\{8c3c1b12-e59d-11d2-b40b-00a024b9dddd}\typelib::	{94636247-BC39-4B8B-A728-2D1FBEBFA76A}	RegNtPreCreateKey
HKLM\software\classes\interface\{8c3c1b12-e59d-11d2-b40b-00a024b9dddd}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{8c3c1b10-e59d-11d2-b40b-00a024b9dddd}::	ISetupLogDB	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{8c3c1b10-e59d-11d2-b40b-00a024b9dddd}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{8c3c1b10-e59d-11d2-b40b-00a024b9dddd}\typelib::	{94636247-BC39-4B8B-A728-2D1FBEBFA76A}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{8c3c1b10-e59d-11d2-b40b-00a024b9dddd}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\interface\{8c3c1b10-e59d-11d2-b40b-00a024b9dddd}::	ISetupLogDB	RegNtPreCreateKey
HKLM\software\classes\interface\{8c3c1b10-e59d-11d2-b40b-00a024b9dddd}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\interface\{8c3c1b10-e59d-11d2-b40b-00a024b9dddd}\typelib::	{94636247-BC39-4B8B-A728-2D1FBEBFA76A}	RegNtPreCreateKey
HKLM\software\classes\interface\{8c3c1b10-e59d-11d2-b40b-00a024b9dddd}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{8c3c1b16-e59d-11d2-b40b-00a024b9dddd}::	ISetupOpTypes	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{8c3c1b16-e59d-11d2-b40b-00a024b9dddd}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{8c3c1b16-e59d-11d2-b40b-00a024b9dddd}\typelib::	{94636247-BC39-4B8B-A728-2D1FBEBFA76A}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{8c3c1b16-e59d-11d2-b40b-00a024b9dddd}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\interface\{8c3c1b16-e59d-11d2-b40b-00a024b9dddd}::	ISetupOpTypes	RegNtPreCreateKey
HKLM\software\classes\interface\{8c3c1b16-e59d-11d2-b40b-00a024b9dddd}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\interface\{8c3c1b16-e59d-11d2-b40b-00a024b9dddd}\typelib::	{94636247-BC39-4B8B-A728-2D1FBEBFA76A}	RegNtPreCreateKey
HKLM\software\classes\interface\{8c3c1b16-e59d-11d2-b40b-00a024b9dddd}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{8c3c1b15-e59d-11d2-b40b-00a024b9dddd}::	ISetupOpType	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{8c3c1b15-e59d-11d2-b40b-00a024b9dddd}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{8c3c1b15-e59d-11d2-b40b-00a024b9dddd}\typelib::	{94636247-BC39-4B8B-A728-2D1FBEBFA76A}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{8c3c1b15-e59d-11d2-b40b-00a024b9dddd}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\interface\{8c3c1b15-e59d-11d2-b40b-00a024b9dddd}::	ISetupOpType	RegNtPreCreateKey
HKLM\software\classes\interface\{8c3c1b15-e59d-11d2-b40b-00a024b9dddd}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\interface\{8c3c1b15-e59d-11d2-b40b-00a024b9dddd}\typelib::	{94636247-BC39-4B8B-A728-2D1FBEBFA76A}	RegNtPreCreateKey
HKLM\software\classes\interface\{8c3c1b15-e59d-11d2-b40b-00a024b9dddd}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{2583251f-0a04-11d3-886b-00c04f72f303}::	ISetupBasicFeatureStateEvents	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{2583251f-0a04-11d3-886b-00c04f72f303}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{2583251f-0a04-11d3-886b-00c04f72f303}\typelib::	{94636247-BC39-4B8B-A728-2D1FBEBFA76A}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{2583251f-0a04-11d3-886b-00c04f72f303}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\interface\{2583251f-0a04-11d3-886b-00c04f72f303}::	ISetupBasicFeatureStateEvents	RegNtPreCreateKey
HKLM\software\classes\interface\{2583251f-0a04-11d3-886b-00c04f72f303}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\interface\{2583251f-0a04-11d3-886b-00c04f72f303}\typelib::	{94636247-BC39-4B8B-A728-2D1FBEBFA76A}	RegNtPreCreateKey
HKLM\software\classes\interface\{2583251f-0a04-11d3-886b-00c04f72f303}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{aa7e2065-cb55-11d2-8094-00104b1f9838}::	ISetupFeatures	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{aa7e2065-cb55-11d2-8094-00104b1f9838}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{aa7e2065-cb55-11d2-8094-00104b1f9838}\typelib::	{94636247-BC39-4B8B-A728-2D1FBEBFA76A}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{aa7e2065-cb55-11d2-8094-00104b1f9838}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\interface\{aa7e2065-cb55-11d2-8094-00104b1f9838}::	ISetupFeatures	RegNtPreCreateKey
HKLM\software\classes\interface\{aa7e2065-cb55-11d2-8094-00104b1f9838}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\interface\{aa7e2065-cb55-11d2-8094-00104b1f9838}\typelib::	{94636247-BC39-4B8B-A728-2D1FBEBFA76A}	RegNtPreCreateKey
HKLM\software\classes\interface\{aa7e2065-cb55-11d2-8094-00104b1f9838}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{be6115a1-7de5-48dc-ad2a-25060e00fce2}::	ISetupTransferEvents2	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{be6115a1-7de5-48dc-ad2a-25060e00fce2}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{be6115a1-7de5-48dc-ad2a-25060e00fce2}\typelib::	{94636247-BC39-4B8B-A728-2D1FBEBFA76A}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{be6115a1-7de5-48dc-ad2a-25060e00fce2}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\interface\{be6115a1-7de5-48dc-ad2a-25060e00fce2}::	ISetupTransferEvents2	RegNtPreCreateKey
HKLM\software\classes\interface\{be6115a1-7de5-48dc-ad2a-25060e00fce2}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\interface\{be6115a1-7de5-48dc-ad2a-25060e00fce2}\typelib::	{94636247-BC39-4B8B-A728-2D1FBEBFA76A}	RegNtPreCreateKey
HKLM\software\classes\interface\{be6115a1-7de5-48dc-ad2a-25060e00fce2}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{ba24e1da-9e87-4502-9af0-b5ddfa6d6b23}::	ISetupTransferEvents3	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{ba24e1da-9e87-4502-9af0-b5ddfa6d6b23}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{ba24e1da-9e87-4502-9af0-b5ddfa6d6b23}\typelib::	{94636247-BC39-4B8B-A728-2D1FBEBFA76A}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{ba24e1da-9e87-4502-9af0-b5ddfa6d6b23}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\interface\{ba24e1da-9e87-4502-9af0-b5ddfa6d6b23}::	ISetupTransferEvents3	RegNtPreCreateKey
HKLM\software\classes\interface\{ba24e1da-9e87-4502-9af0-b5ddfa6d6b23}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\interface\{ba24e1da-9e87-4502-9af0-b5ddfa6d6b23}\typelib::	{94636247-BC39-4B8B-A728-2D1FBEBFA76A}	RegNtPreCreateKey
HKLM\software\classes\interface\{ba24e1da-9e87-4502-9af0-b5ddfa6d6b23}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{6b15a454-9067-4878-b10e-b9dffe03049d}::	ISetupLogDB2	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{6b15a454-9067-4878-b10e-b9dffe03049d}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{6b15a454-9067-4878-b10e-b9dffe03049d}\typelib::	{94636247-BC39-4B8B-A728-2D1FBEBFA76A}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{6b15a454-9067-4878-b10e-b9dffe03049d}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\interface\{6b15a454-9067-4878-b10e-b9dffe03049d}::	ISetupLogDB2	RegNtPreCreateKey
HKLM\software\classes\interface\{6b15a454-9067-4878-b10e-b9dffe03049d}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\interface\{6b15a454-9067-4878-b10e-b9dffe03049d}\typelib::	{94636247-BC39-4B8B-A728-2D1FBEBFA76A}	RegNtPreCreateKey
HKLM\software\classes\interface\{6b15a454-9067-4878-b10e-b9dffe03049d}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{a36ecfbe-faaa-417d-9d41-7fef98fde554}::	ISetupOpSequence2	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{a36ecfbe-faaa-417d-9d41-7fef98fde554}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{a36ecfbe-faaa-417d-9d41-7fef98fde554}\typelib::	{94636247-BC39-4B8B-A728-2D1FBEBFA76A}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{a36ecfbe-faaa-417d-9d41-7fef98fde554}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\interface\{a36ecfbe-faaa-417d-9d41-7fef98fde554}::	ISetupOpSequence2	RegNtPreCreateKey
HKLM\software\classes\interface\{a36ecfbe-faaa-417d-9d41-7fef98fde554}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\interface\{a36ecfbe-faaa-417d-9d41-7fef98fde554}\typelib::	{94636247-BC39-4B8B-A728-2D1FBEBFA76A}	RegNtPreCreateKey
HKLM\software\classes\interface\{a36ecfbe-faaa-417d-9d41-7fef98fde554}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{4d08a70c-42e4-4238-af79-7a7485c66ee2}::	ISetupScriptDebugEngineOld_2	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{4d08a70c-42e4-4238-af79-7a7485c66ee2}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{4d08a70c-42e4-4238-af79-7a7485c66ee2}\typelib::	{94636247-BC39-4B8B-A728-2D1FBEBFA76A}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{4d08a70c-42e4-4238-af79-7a7485c66ee2}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\interface\{4d08a70c-42e4-4238-af79-7a7485c66ee2}::	ISetupScriptDebugEngineOld_2	RegNtPreCreateKey
HKLM\software\classes\interface\{4d08a70c-42e4-4238-af79-7a7485c66ee2}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\interface\{4d08a70c-42e4-4238-af79-7a7485c66ee2}\typelib::	{94636247-BC39-4B8B-A728-2D1FBEBFA76A}	RegNtPreCreateKey
HKLM\software\classes\interface\{4d08a70c-42e4-4238-af79-7a7485c66ee2}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{b310295d-e006-4e5a-9cbe-fa7c092f2fc3}::	ISetupScriptStackFrameOld_2	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{b310295d-e006-4e5a-9cbe-fa7c092f2fc3}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{b310295d-e006-4e5a-9cbe-fa7c092f2fc3}\typelib::	{94636247-BC39-4B8B-A728-2D1FBEBFA76A}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{b310295d-e006-4e5a-9cbe-fa7c092f2fc3}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\interface\{b310295d-e006-4e5a-9cbe-fa7c092f2fc3}::	ISetupScriptStackFrameOld_2	RegNtPreCreateKey
HKLM\software\classes\interface\{b310295d-e006-4e5a-9cbe-fa7c092f2fc3}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\interface\{b310295d-e006-4e5a-9cbe-fa7c092f2fc3}\typelib::	{94636247-BC39-4B8B-A728-2D1FBEBFA76A}	RegNtPreCreateKey
HKLM\software\classes\interface\{b310295d-e006-4e5a-9cbe-fa7c092f2fc3}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{9e274dca-9b35-4b99-904f-76f2c5b59f76}::	ISetupScriptErrorOld_2	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{9e274dca-9b35-4b99-904f-76f2c5b59f76}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{9e274dca-9b35-4b99-904f-76f2c5b59f76}\typelib::	{94636247-BC39-4B8B-A728-2D1FBEBFA76A}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{9e274dca-9b35-4b99-904f-76f2c5b59f76}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\interface\{9e274dca-9b35-4b99-904f-76f2c5b59f76}::	ISetupScriptErrorOld_2	RegNtPreCreateKey
HKLM\software\classes\interface\{9e274dca-9b35-4b99-904f-76f2c5b59f76}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\interface\{9e274dca-9b35-4b99-904f-76f2c5b59f76}\typelib::	{94636247-BC39-4B8B-A728-2D1FBEBFA76A}	RegNtPreCreateKey
HKLM\software\classes\interface\{9e274dca-9b35-4b99-904f-76f2c5b59f76}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{7fa3f3d3-7b9e-4f51-9448-3642b544cebd}::	ISetupScriptDebuggerOld_2	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{7fa3f3d3-7b9e-4f51-9448-3642b544cebd}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{7fa3f3d3-7b9e-4f51-9448-3642b544cebd}\typelib::	{94636247-BC39-4B8B-A728-2D1FBEBFA76A}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{7fa3f3d3-7b9e-4f51-9448-3642b544cebd}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\interface\{7fa3f3d3-7b9e-4f51-9448-3642b544cebd}::	ISetupScriptDebuggerOld_2	RegNtPreCreateKey
HKLM\software\classes\interface\{7fa3f3d3-7b9e-4f51-9448-3642b544cebd}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\interface\{7fa3f3d3-7b9e-4f51-9448-3642b544cebd}\typelib::	{94636247-BC39-4B8B-A728-2D1FBEBFA76A}	RegNtPreCreateKey
HKLM\software\classes\interface\{7fa3f3d3-7b9e-4f51-9448-3642b544cebd}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{3dfe4f8f-a5a1-4eca-9a50-e5cf9ba836e9}::	ISetupScriptDebuggerOld2_2	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{3dfe4f8f-a5a1-4eca-9a50-e5cf9ba836e9}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{3dfe4f8f-a5a1-4eca-9a50-e5cf9ba836e9}\typelib::	{94636247-BC39-4B8B-A728-2D1FBEBFA76A}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{3dfe4f8f-a5a1-4eca-9a50-e5cf9ba836e9}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\interface\{3dfe4f8f-a5a1-4eca-9a50-e5cf9ba836e9}::	ISetupScriptDebuggerOld2_2	RegNtPreCreateKey
HKLM\software\classes\interface\{3dfe4f8f-a5a1-4eca-9a50-e5cf9ba836e9}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\interface\{3dfe4f8f-a5a1-4eca-9a50-e5cf9ba836e9}\typelib::	{94636247-BC39-4B8B-A728-2D1FBEBFA76A}	RegNtPreCreateKey
HKLM\software\classes\interface\{3dfe4f8f-a5a1-4eca-9a50-e5cf9ba836e9}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{084a0737-26b9-4433-8007-a9161333b5fc}::	ISetupScriptDebugEngineOld	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{084a0737-26b9-4433-8007-a9161333b5fc}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{084a0737-26b9-4433-8007-a9161333b5fc}\typelib::	{94636247-BC39-4B8B-A728-2D1FBEBFA76A}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{084a0737-26b9-4433-8007-a9161333b5fc}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\interface\{084a0737-26b9-4433-8007-a9161333b5fc}::	ISetupScriptDebugEngineOld	RegNtPreCreateKey
HKLM\software\classes\interface\{084a0737-26b9-4433-8007-a9161333b5fc}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\interface\{084a0737-26b9-4433-8007-a9161333b5fc}\typelib::	{94636247-BC39-4B8B-A728-2D1FBEBFA76A}	RegNtPreCreateKey
HKLM\software\classes\interface\{084a0737-26b9-4433-8007-a9161333b5fc}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{9aee3f7a-a79f-4b41-bc48-e7946ffeab35}::	ISetupScriptStackFrameOld	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{9aee3f7a-a79f-4b41-bc48-e7946ffeab35}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{9aee3f7a-a79f-4b41-bc48-e7946ffeab35}\typelib::	{94636247-BC39-4B8B-A728-2D1FBEBFA76A}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{9aee3f7a-a79f-4b41-bc48-e7946ffeab35}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\interface\{9aee3f7a-a79f-4b41-bc48-e7946ffeab35}::	ISetupScriptStackFrameOld	RegNtPreCreateKey
HKLM\software\classes\interface\{9aee3f7a-a79f-4b41-bc48-e7946ffeab35}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\interface\{9aee3f7a-a79f-4b41-bc48-e7946ffeab35}\typelib::	{94636247-BC39-4B8B-A728-2D1FBEBFA76A}	RegNtPreCreateKey
HKLM\software\classes\interface\{9aee3f7a-a79f-4b41-bc48-e7946ffeab35}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{1ed19966-1493-4539-b9f5-97a6556ce8f8}::	ISetupScriptErrorOld	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{1ed19966-1493-4539-b9f5-97a6556ce8f8}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{1ed19966-1493-4539-b9f5-97a6556ce8f8}\typelib::	{94636247-BC39-4B8B-A728-2D1FBEBFA76A}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{1ed19966-1493-4539-b9f5-97a6556ce8f8}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\interface\{1ed19966-1493-4539-b9f5-97a6556ce8f8}::	ISetupScriptErrorOld	RegNtPreCreateKey
HKLM\software\classes\interface\{1ed19966-1493-4539-b9f5-97a6556ce8f8}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\interface\{1ed19966-1493-4539-b9f5-97a6556ce8f8}\typelib::	{94636247-BC39-4B8B-A728-2D1FBEBFA76A}	RegNtPreCreateKey
HKLM\software\classes\interface\{1ed19966-1493-4539-b9f5-97a6556ce8f8}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{17773851-7ff4-44c1-b084-1e1edb2bfd4d}::	ISetupScriptDebuggerOld	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{17773851-7ff4-44c1-b084-1e1edb2bfd4d}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{17773851-7ff4-44c1-b084-1e1edb2bfd4d}\typelib::	{94636247-BC39-4B8B-A728-2D1FBEBFA76A}	RegNtPreCreateKey

748 additional registry modifications are not displayed above.

Windows API Usage

Category	API
Anti Debug	IsDebuggerPresent OutputDebugString
User Data Access	GetUserObjectInformation
Process Manipulation Evasion	NtUnmapViewOfSection ReadProcessMemory
Process Shell Execute	CreateProcess
Encryption Used	BCryptOpenAlgorithmProvider CryptAcquireContext
Other Suspicious	AdjustTokenPrivileges
Service Control	OpenSCManager OpenService

Shell Command Execution


							C:\Users\Wqihzbpg\AppData\Local\Temp\nsu56EC.tmp\drwsetup.exe


							C:\Users\Wqihzbpg\AppData\Local\Temp\nsu56EC.tmp\drwsetup.exe  -deleter


							"C:\Users\Kfayuxji\AppData\Local\Temp\~nsu.tmp\Au_.exe"  _?=c:\users\user\downloads\


							"c:\users\user\downloads\uninstall.exe" /KEEPINSTDIR _?=c:\users\user\downloads


							"C:\Users\Icirxgde\AppData\Local\Temp\~nsu.tmp\Au_.exe"  _?=c:\users\user\downloads\


									"C:\Users\Mcupsoxj\AppData\Roaming\baidu\BaiduRJDownloader1.3\1.3.0.417\BDMiniDlUpdate.exe" delete


									"C:\Users\Ogzwghqe\AppData\Local\Temp\~nsu.tmp\Au_.exe"  _?=c:\users\user\downloads\


									"C:\Users\Lxybcqcq\AppData\Local\Temp\~nsuA.tmp\Un_A.exe"  _?=c:\users\user\downloads\

Adware.Baidu

Cartão de pontuação de ameaças

EnigmaSoft Threat Scorecard

SpyHunter detecta e remove Adware.Baidu

Detalhes Sobre os Arquivos do Sistema

Relatório de análise

Informação geral

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

File Traits

Block Information

Block Information

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Enviar o Comentário

Postagens Relacionadas

Tendendo

Mais visto