Adware.Montiera.B

By CagedTech in Adware

Threat Scorecard

Popularity Rank:	8,884
Threat Level:	20 % (Normal)
Infected Computers:	735

First Seen:	October 11, 2021
Last Seen:	April 12, 2026
OS(es) Affected:	Windows

Table of Contents

Analysis Report

General information

Family Name:	Adware.Montiera.B
Signature status:	Format Error

Known Samples

MD5: 1b59ea3ebcced968987c48cc107c6d3c

SHA1: 2ee347b93376363e25cea46d6632777e44df259a

SHA256: 8B3C2AAB4F27574781ACD475E3A7285A6B7916AD43EB492B7CA435CE40F9994A

File Size: 3.62 MB, 3619008 bytes

MD5: cef67aa966a18b96362c8177c4c78e19

SHA1: a27f715f8b15ac8b106ab202bee230bb62cef74a

SHA256: EAF8E7667C0DFACCE00B8F9FE62C3C6F1C24F56E53304D56F88379420D187798

File Size: 1.29 MB, 1290423 bytes

MD5: d9dd38dfe3fb8de2cdef870bb3f9b7b1

SHA1: 142fd2f5a674dc4920177f8b44df7b1a77b4e805

SHA256: E75A02AC9A11B05561EA06DC5C4C0F79D33EF5B0657FC4F74F993CAB0F765440

File Size: 2.04 MB, 2041228 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed

IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Company Name	Check Point Software Technologies LTD facemoods.com Onekit SL
File Version	1.8.29.18 1.8.21.15 1.4.15.13
Product Name	facemoods onekit zonealarm

Digital Signatures

Signer	Root	Status
Check Point Software Technologies Ltd.	VeriSign Class 3 Code Signing 2010 CA	Root Not Trusted

File Traits

Default Version Info
dll
HighEntropy
x86

Files Modified

File	Attributes
c:\program files (x86)\check point software technologies ltd\zonealarm\1.8.21.15\bh\zonealarm.dll	Generic Write,Read Attributes
c:\program files (x86)\check point software technologies ltd\zonealarm\1.8.21.15\dntp-zonealarm-ie.exe	Generic Write,Read Attributes
c:\program files (x86)\check point software technologies ltd\zonealarm\1.8.21.15\uninstall.exe	Generic Write,Read Attributes
c:\program files (x86)\check point software technologies ltd\zonealarm\1.8.21.15\zonealarm.crx	Generic Write,Read Attributes
c:\program files (x86)\check point software technologies ltd\zonealarm\1.8.21.15\zonealarmapp.dll	Generic Write,Read Attributes
c:\program files (x86)\check point software technologies ltd\zonealarm\1.8.21.15\zonealarmeng.dll	Generic Write,Read Attributes
c:\program files (x86)\check point software technologies ltd\zonealarm\1.8.21.15\zonealarmsrv.exe	Generic Write,Read Attributes
c:\program files (x86)\check point software technologies ltd\zonealarm\1.8.21.15\zonealarmtlbr.dll	Generic Write,Read Attributes
c:\program files (x86)\onekit sl\onekit\1.8.29.18\bh\onekit.dll	Generic Write,Read Attributes
c:\program files (x86)\onekit sl\onekit\1.8.29.18\onekitapp.dll	Generic Write,Read Attributes

c:\program files (x86)\onekit sl\onekit\1.8.29.18\onekiteng.dll	Generic Write,Read Attributes
c:\program files (x86)\onekit sl\onekit\1.8.29.18\onekittlbr.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\google\chrome\user data\default\extensions\kgdcapepedmpopjkmdbjnmmmfgllnfek\1.0_0\appcntrl.js	Generic Write,Read Attributes
c:\users\user\appdata\local\google\chrome\user data\default\extensions\kgdcapepedmpopjkmdbjnmmmfgllnfek\1.0_0\bg.html	Generic Write,Read Attributes
c:\users\user\appdata\local\google\chrome\user data\default\extensions\kgdcapepedmpopjkmdbjnmmmfgllnfek\1.0_0\bg.js	Generic Write,Read Attributes
c:\users\user\appdata\local\google\chrome\user data\default\extensions\kgdcapepedmpopjkmdbjnmmmfgllnfek\1.0_0\crmadpt.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\google\chrome\user data\default\extensions\kgdcapepedmpopjkmdbjnmmmfgllnfek\1.0_0\ct.js	Generic Write,Read Attributes
c:\users\user\appdata\local\google\chrome\user data\default\extensions\kgdcapepedmpopjkmdbjnmmmfgllnfek\1.0_0\ctb.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\google\chrome\user data\default\extensions\kgdcapepedmpopjkmdbjnmmmfgllnfek\1.0_0\dpk.js	Generic Write,Read Attributes
c:\users\user\appdata\local\google\chrome\user data\default\extensions\kgdcapepedmpopjkmdbjnmmmfgllnfek\1.0_0\hprtkmsg.htm	Generic Write,Read Attributes
c:\users\user\appdata\local\google\chrome\user data\default\extensions\kgdcapepedmpopjkmdbjnmmmfgllnfek\1.0_0\hprtkmsg.js	Generic Write,Read Attributes
c:\users\user\appdata\local\google\chrome\user data\default\extensions\kgdcapepedmpopjkmdbjnmmmfgllnfek\1.0_0\json2.min.js	Generic Write,Read Attributes
c:\users\user\appdata\local\google\chrome\user data\default\extensions\kgdcapepedmpopjkmdbjnmmmfgllnfek\1.0_0\logo.png	Generic Write,Read Attributes
c:\users\user\appdata\local\google\chrome\user data\default\extensions\kgdcapepedmpopjkmdbjnmmmfgllnfek\1.0_0\manifest.json	Generic Write,Read Attributes
c:\users\user\appdata\local\google\chrome\user data\default\extensions\kgdcapepedmpopjkmdbjnmmmfgllnfek\1.0_0\pref.json	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\check point software technologies ltd	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\check point software technologies ltd\zonealarm	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\check point software technologies ltd\zonealarm\1.8.21.15	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\check point software technologies ltd\zonealarm\1.8.21.15\nsis.js	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\check point software technologies ltd\zonealarm\1.8.21.15\nsis.js_deleted_	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\check point software technologies ltd\zonealarm\1.8.21.15\zonealarm4ffx.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\check point software technologies ltd\zonealarm\1.8.21.15\zonealarm4ffx.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\check point software technologies ltd\zonealarm\1.8.21.15\zonealarm4ie.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\check point software technologies ltd\zonealarm\1.8.21.15\zonealarm4ie.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\mt_ffx\onekit sl\onekit\1.8.29.18\onekit.xpi	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabbd3.tmp_deleted_	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nscc0b5.tmp_deleted_	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsd2723.tmp\modern-header.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsd2723.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsd2723.tmp\userinfo.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf595b.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf595b.tmp\chrmpref.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf595b.tmp\chrmpref.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf595b.tmp\inetload.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf595b.tmp\inetload.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf595b.tmp\mt.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf595b.tmp\mt.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf595b.tmp\nsisos.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf595b.tmp\nsisos.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf595b.tmp\processes.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf595b.tmp\processes.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf595b.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf595b.tmp\system.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf595b.tmp\time.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf595b.tmp\time.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf595b.tmp\userinfo.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf595b.tmp\userinfo.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsh5ed9.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsh5ed9.tmp\mt.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsh5ed9.tmp\mt.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsh5ed9.tmp\nsisos.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsh5ed9.tmp\nsisos.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsh5ed9.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsh5ed9.tmp\system.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsh5ed9.tmp\time.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsh5ed9.tmp\time.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsmc0f4.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsmc0f4.tmp\mt.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsmc0f4.tmp\mt.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsmc0f4.tmp\mt.dll_deleted_	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsmc0f4.tmp\nsisos.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsmc0f4.tmp\nsisos.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsmc0f4.tmp\nsisos.dll_deleted_	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsmc0f4.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsmc0f4.tmp\system.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsmc0f4.tmp\system.dll_deleted_	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsmc0f4.tmp\time.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsmc0f4.tmp\time.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsmc0f4.tmp\time.dll_deleted_	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsmc0f4.tmp_deleted_	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsqbbe4.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsqbbe4.tmp\chrmpref.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsqbbe4.tmp\chrmpref.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsqbbe4.tmp\chrmpref.dll_deleted_	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsqbbe4.tmp\inetload.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsqbbe4.tmp\inetload.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsqbbe4.tmp\inetload.dll_deleted_	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsqbbe4.tmp\mt.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsqbbe4.tmp\mt.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsqbbe4.tmp\mt.dll_deleted_	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsqbbe4.tmp\nsisos.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsqbbe4.tmp\nsisos.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsqbbe4.tmp\nsisos.dll_deleted_	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsqbbe4.tmp\processes.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsqbbe4.tmp\processes.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsqbbe4.tmp\processes.dll_deleted_	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsqbbe4.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsqbbe4.tmp\system.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsqbbe4.tmp\system.dll_deleted_	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsqbbe4.tmp\time.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsqbbe4.tmp\time.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsqbbe4.tmp\time.dll_deleted_	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsqbbe4.tmp\userinfo.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsqbbe4.tmp\userinfo.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsqbbe4.tmp\userinfo.dll_deleted_	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsqbbe4.tmp_deleted_	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nssc0c6.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nssc0c6.tmp\mt.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nssc0c6.tmp\mt.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nssc0c6.tmp\nsisos.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nssc0c6.tmp\nsisos.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nssc0c6.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nssc0c6.tmp\system.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nssc0c6.tmp\time.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nssc0c6.tmp\time.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nssc0c6.tmp\userinfo.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nssc0c6.tmp\userinfo.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nssc0c6.tmp_deleted_	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsw5e9a.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsw5e9a.tmp\md5dll.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsw5e9a.tmp\md5dll.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsw5e9a.tmp\mt.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsw5e9a.tmp\mt.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsw5e9a.tmp\nsisos.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsw5e9a.tmp\nsisos.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsw5e9a.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsw5e9a.tmp\system.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsw5e9a.tmp\time.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsw5e9a.tmp\time.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsw5e9a.tmp\userinfo.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsw5e9a.tmp\userinfo.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsxc0e4.tmp_deleted_	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\onekit sl	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\onekit sl\onekit	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\onekit sl\onekit\1.8.29.18	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\onekit sl\onekit\1.8.29.18\nsis.js	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onekit sl\onekit\1.8.29.18\nsis.js_deleted_	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\onekit sl\onekit\1.8.29.18\onekit4ie.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onekit sl\onekit\1.8.29.18\onekit4ie.exe	Synchronize,Write Attributes
c:\users\user\appdata\roaming\onekit sl\onekit\1.8.29.18\onekit4ffx.exe	Generic Write,Read Attributes
c:\users\user\appdata\roaming\onekit sl\onekit\1.8.29.18\uninstall.exe	Generic Write,Read Attributes

Registry Modifications

Key::Value	Data	API Name
HKLM\software\classes\appid\{c56c48a0-da4e-46f6-9859-1553dc865f84}\instl\data::trace		RegNtPreCreateKey
HKLM\software\classes\appid\{c56c48a0-da4e-46f6-9859-1553dc865f84}\instl\data::sku		RegNtPreCreateKey
HKLM\software\classes\appid\{c56c48a0-da4e-46f6-9859-1553dc865f84}\instl\data::tstid		RegNtPreCreateKey
HKLM\software\classes\appid\{c56c48a0-da4e-46f6-9859-1553dc865f84}\instl\data::ver		RegNtPreCreateKey
HKLM\software\classes\appid\{c56c48a0-da4e-46f6-9859-1553dc865f84}\instl\data::insd		RegNtPreCreateKey
HKCU\software\check point software technologies ltd\zonealarm::tlbrsrchurl	http://search.zonealarm.com/search?src=tb&tbid=base&Lan={dfltLng}&gu=&tu=&sku=&tstsId=&ver=&&q=	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey

HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKLM\software\classes\appid\{c56c48a0-da4e-46f6-9859-1553dc865f84}\instl\data::trace		RegNtPreCreateKey
HKLM\software\classes\appid\{c56c48a0-da4e-46f6-9859-1553dc865f84}\instl\data::trace		RegNtPreCreateKey
HKLM\software\classes\appid\{c56c48a0-da4e-46f6-9859-1553dc865f84}\instl\data::run4ie	start	RegNtPreCreateKey
HKLM\software\classes\appid\{4e1e9d45-8bf9-4139-915c-9f83cc3d5921}::	escorTlbr	RegNtPreCreateKey
HKLM\software\classes\appid\escortlbr.dll::appid	{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}	RegNtPreCreateKey
HKLM\software\classes\checkpoint.zonealarmdskbnd.1::	CDskBnd Object	RegNtPreCreateKey
HKLM\software\classes\checkpoint.zonealarmdskbnd.1\clsid::	{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Fezwmsei\AppData\Local\Temp\nsh5ED9.tmp\time.dll	RegNtPreCreateKey
HKLM\software\classes\checkpoint.zonealarmdskbnd::	CDskBnd Object	RegNtPreCreateKey
HKLM\software\classes\checkpoint.zonealarmdskbnd\clsid::	{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Fezwmsei\AppData\Local\Temp\nsh5ED9.tmp\time.dll\??\C:\Users\Fezwmsei\AppData\Local\Temp\nsh5ED9.tmp\	RegNtPreCreateKey
HKLM\software\classes\checkpoint.zonealarmdskbnd\curver::	checkpoint.zonealarmdskBnd.1	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{438fae3e-bdef-44d3-ab8b-0c7c8350df59}::	CDskBnd Object	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{438fae3e-bdef-44d3-ab8b-0c7c8350df59}\progid::	checkpoint.zonealarmdskBnd.1	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{438fae3e-bdef-44d3-ab8b-0c7c8350df59}\versionindependentprogid::	checkpoint.zonealarmdskBnd	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{438fae3e-bdef-44d3-ab8b-0c7c8350df59}\inprocserver32::	C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.21.15\zonealarmTlbr.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{438fae3e-bdef-44d3-ab8b-0c7c8350df59}\inprocserver32::threadingmodel	apartment	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{438fae3e-bdef-44d3-ab8b-0c7c8350df59}::appid	{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{438fae3e-bdef-44d3-ab8b-0c7c8350df59}\typelib::	{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}	RegNtPreCreateKey
HKLM\software\classes\typelib\{4e1e9d45-8bf9-4139-915c-9f83cc3d5921}\1.0::	escorTlbr 1.0 Type Library	RegNtPreCreateKey
HKLM\software\classes\typelib\{4e1e9d45-8bf9-4139-915c-9f83cc3d5921}\1.0\flags::	0	RegNtPreCreateKey
HKLM\software\classes\typelib\{4e1e9d45-8bf9-4139-915c-9f83cc3d5921}\1.0\0\win32::	C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.21.15\zonealarmTlbr.dll	RegNtPreCreateKey
HKLM\software\classes\typelib\{4e1e9d45-8bf9-4139-915c-9f83cc3d5921}\1.0\helpdir::	C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.21.15	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\internet explorer\toolbar::{438fae3e-bdef-44d3-ab8b-0c7c8350df59}	ZoneAlarm Security Toolbar	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{438fae3e-bdef-44d3-ab8b-0c7c8350df59}::	ZoneAlarm Security Toolbar	RegNtPreCreateKey
HKLM\software\classes\appid\{06deb529-de09-43ec-b6e2-451aab0ff000}::	esrv	RegNtPreCreateKey
HKLM\software\classes\appid\esrv.exe::appid	{06DEB529-DE09-43EC-B6E2-451AAB0FF000}	RegNtPreCreateKey
HKLM\software\classes\esrv.zonealarmesrvc.1::	escrtSrvc Object	RegNtPreCreateKey
HKLM\software\classes\esrv.zonealarmesrvc.1\clsid::	{E0722BEB-FDA1-4AA1-A2A8-15A74A5B3F70}	RegNtPreCreateKey
HKLM\software\classes\esrv.zonealarmesrvc::	escrtSrvc Object	RegNtPreCreateKey
HKLM\software\classes\esrv.zonealarmesrvc\clsid::	{E0722BEB-FDA1-4AA1-A2A8-15A74A5B3F70}	RegNtPreCreateKey
HKLM\software\classes\esrv.zonealarmesrvc\curver::	esrv.zonealarmESrvc.1	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{e0722beb-fda1-4aa1-a2a8-15a74a5b3f70}::	escrtSrvc Object	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{e0722beb-fda1-4aa1-a2a8-15a74a5b3f70}\progid::	esrv.zonealarmESrvc.1	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{e0722beb-fda1-4aa1-a2a8-15a74a5b3f70}\versionindependentprogid::	esrv.zonealarmESrvc	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{e0722beb-fda1-4aa1-a2a8-15a74a5b3f70}\localserver32::	"C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.21.15\zonealarmsrv.exe"	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{e0722beb-fda1-4aa1-a2a8-15a74a5b3f70}\localserver32::threadingmodel	apartment	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{e0722beb-fda1-4aa1-a2a8-15a74a5b3f70}::appid	{06DEB529-DE09-43EC-B6E2-451AAB0FF000}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{e0722beb-fda1-4aa1-a2a8-15a74a5b3f70}\typelib::	{06DEB529-DE09-43EC-B6E2-451AAB0FF000}	RegNtPreCreateKey
HKLM\software\classes\typelib\{06deb529-de09-43ec-b6e2-451aab0ff000}\1.0::	esrv 1.0 Type Library	RegNtPreCreateKey
HKLM\software\classes\typelib\{06deb529-de09-43ec-b6e2-451aab0ff000}\1.0\flags::	0	RegNtPreCreateKey
HKLM\software\classes\typelib\{06deb529-de09-43ec-b6e2-451aab0ff000}\1.0\0\win32::	C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.21.15\zonealarmsrv.exe	RegNtPreCreateKey
HKLM\software\classes\typelib\{06deb529-de09-43ec-b6e2-451aab0ff000}\1.0\helpdir::	C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.21.15	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\internet explorer\low rights\elevationpolicy\{09d8e2a7-4d2b-481a-a88d-b5fc9abe0b6f}::policy		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\internet explorer\low rights\elevationpolicy\{09d8e2a7-4d2b-481a-a88d-b5fc9abe0b6f}::appname	zonealarmsrv.exe	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\internet explorer\low rights\elevationpolicy\{09d8e2a7-4d2b-481a-a88d-b5fc9abe0b6f}::apppath	C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.21.15	RegNtPreCreateKey
HKLM\software\classes\appid\{c56c48a0-da4e-46f6-9859-1553dc865f84}\instl\data::sku		RegNtPreCreateKey
HKLM\software\classes\appid\{c56c48a0-da4e-46f6-9859-1553dc865f84}\instl\data::tstid		RegNtPreCreateKey
HKLM\software\classes\appid\{c56c48a0-da4e-46f6-9859-1553dc865f84}\instl\data::ver		RegNtPreCreateKey
HKLM\software\classes\appid\{c56c48a0-da4e-46f6-9859-1553dc865f84}\instl\data::insd		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\explorer\browser helper objects\{2a841f7a-a014-4da5-b6d9-8b913dfb7a8c}::	Zonealarm Helper Object	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\explorer\browser helper objects\{2a841f7a-a014-4da5-b6d9-8b913dfb7a8c}::noexplorer		RegNtPreCreateKey
HKLM\software\classes\appid\{09c554c3-109b-483c-a06b-f14172f1a947}::	escort	RegNtPreCreateKey
HKLM\software\classes\appid\escort.dll::appid	{09C554C3-109B-483C-A06B-F14172F1A947}	RegNtPreCreateKey
HKLM\software\classes\escort.escortiepane.1::	escortIEPane Object	RegNtPreCreateKey
HKLM\software\classes\escort.escortiepane.1\clsid::	{6DBF5819-8634-464E-92F4-1F29C1EFF773}	RegNtPreCreateKey
HKLM\software\classes\escort.escortiepane::	escortIEPane Object	RegNtPreCreateKey
HKLM\software\classes\escort.escortiepane\clsid::	{6DBF5819-8634-464E-92F4-1F29C1EFF773}	RegNtPreCreateKey
HKLM\software\classes\escort.escortiepane\curver::	escort.escortIEPane.1	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{6dbf5819-8634-464e-92f4-1f29c1eff773}::	escortIEPane Object	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{6dbf5819-8634-464e-92f4-1f29c1eff773}\progid::	escort.escortIEPane.1	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{6dbf5819-8634-464e-92f4-1f29c1eff773}\versionindependentprogid::	escort.escortIEPane	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{6dbf5819-8634-464e-92f4-1f29c1eff773}\inprocserver32::	C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.21.15\bh\zonealarm.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{6dbf5819-8634-464e-92f4-1f29c1eff773}\inprocserver32::threadingmodel	apartment	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{6dbf5819-8634-464e-92f4-1f29c1eff773}::appid	{09C554C3-109B-483C-A06B-F14172F1A947}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{6dbf5819-8634-464e-92f4-1f29c1eff773}\typelib::	{09C554C3-109B-483C-A06B-F14172F1A947}	RegNtPreCreateKey
HKLM\software\classes\checkpoint.zonealarmhlpr.1::	CescrtHlpr Object	RegNtPreCreateKey
HKLM\software\classes\checkpoint.zonealarmhlpr.1\clsid::	{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}	RegNtPreCreateKey
HKLM\software\classes\checkpoint.zonealarmhlpr::	CescrtHlpr Object	RegNtPreCreateKey
HKLM\software\classes\checkpoint.zonealarmhlpr\clsid::	{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}	RegNtPreCreateKey
HKLM\software\classes\checkpoint.zonealarmhlpr\curver::	checkpoint.zonealarmHlpr.1	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{2a841f7a-a014-4da5-b6d9-8b913dfb7a8c}::	CescrtHlpr Object	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{2a841f7a-a014-4da5-b6d9-8b913dfb7a8c}\progid::	checkpoint.zonealarmHlpr.1	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{2a841f7a-a014-4da5-b6d9-8b913dfb7a8c}\versionindependentprogid::	checkpoint.zonealarmHlpr	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{2a841f7a-a014-4da5-b6d9-8b913dfb7a8c}\inprocserver32::	C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.21.15\bh\zonealarm.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{2a841f7a-a014-4da5-b6d9-8b913dfb7a8c}\inprocserver32::threadingmodel	apartment	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{2a841f7a-a014-4da5-b6d9-8b913dfb7a8c}::appid	{09C554C3-109B-483C-A06B-F14172F1A947}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{2a841f7a-a014-4da5-b6d9-8b913dfb7a8c}\typelib::	{09C554C3-109B-483C-A06B-F14172F1A947}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{2a841f7a-a014-4da5-b6d9-8b913dfb7a8c}::	Zonealarm Helper Object	RegNtPreCreateKey
HKLM\software\classes\appid\{d7ee8177-d51e-4f89-92b6-83ea2ec40800}::	escortApp	RegNtPreCreateKey
HKLM\software\classes\appid\escortapp.dll::appid	{D7EE8177-D51E-4F89-92B6-83EA2EC40800}	RegNtPreCreateKey
HKLM\software\classes\checkpoint.zonealarmappcore.1::	appCore Object	RegNtPreCreateKey
HKLM\software\classes\checkpoint.zonealarmappcore.1\clsid::	{F1963E76-845B-474C-8C7F-D69A96D8AA34}	RegNtPreCreateKey
HKLM\software\classes\checkpoint.zonealarmappcore::	appCore Object	RegNtPreCreateKey
HKLM\software\classes\checkpoint.zonealarmappcore\clsid::	{F1963E76-845B-474C-8C7F-D69A96D8AA34}	RegNtPreCreateKey
HKLM\software\classes\checkpoint.zonealarmappcore\curver::	checkpoint.zonealarmappCore.1	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{f1963e76-845b-474c-8c7f-d69a96d8aa34}::	appCore Object	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{f1963e76-845b-474c-8c7f-d69a96d8aa34}\progid::	checkpoint.zonealarmappCore.1	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{f1963e76-845b-474c-8c7f-d69a96d8aa34}\versionindependentprogid::	checkpoint.zonealarmappCore	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{f1963e76-845b-474c-8c7f-d69a96d8aa34}\inprocserver32::	C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.21.15\zonealarmApp.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{f1963e76-845b-474c-8c7f-d69a96d8aa34}\inprocserver32::threadingmodel	apartment	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{f1963e76-845b-474c-8c7f-d69a96d8aa34}::appid	{D7EE8177-D51E-4F89-92B6-83EA2EC40800}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{f1963e76-845b-474c-8c7f-d69a96d8aa34}\typelib::	{D7EE8177-D51E-4F89-92B6-83EA2EC40800}	RegNtPreCreateKey
HKLM\software\classes\typelib\{d7ee8177-d51e-4f89-92b6-83ea2ec40800}\1.0::	escortApp 1.0 Type Library	RegNtPreCreateKey
HKLM\software\classes\typelib\{d7ee8177-d51e-4f89-92b6-83ea2ec40800}\1.0\flags::	0	RegNtPreCreateKey
HKLM\software\classes\typelib\{d7ee8177-d51e-4f89-92b6-83ea2ec40800}\1.0\0\win32::	C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.21.15\zonealarmApp.dll	RegNtPreCreateKey
HKLM\software\classes\typelib\{d7ee8177-d51e-4f89-92b6-83ea2ec40800}\1.0\helpdir::	C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.21.15	RegNtPreCreateKey
HKLM\software\classes\appid\{c56c48a0-da4e-46f6-9859-1553dc865f84}\instl\data::hrdid		RegNtPreCreateKey
HKLM\software\classes\appid\{c56c48a0-da4e-46f6-9859-1553dc865f84}\instl\data::instlday	你	RegNtPreCreateKey
HKLM\software\classes\typelib\{e00de9b9-b128-4c39-b732-b5d85013fa48}\1.0::	zonealarmCmn 1.0 Type Library	RegNtPreCreateKey
HKLM\software\classes\typelib\{e00de9b9-b128-4c39-b732-b5d85013fa48}\1.0\flags::	0	RegNtPreCreateKey
HKLM\software\classes\typelib\{e00de9b9-b128-4c39-b732-b5d85013fa48}\1.0\0\win32::	C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.21.15\zonealarmEng.dll\2	RegNtPreCreateKey
HKLM\software\classes\typelib\{e00de9b9-b128-4c39-b732-b5d85013fa48}\1.0\helpdir::	C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.21.15	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{bc482c43-4655-4a53-ab39-bf915bf0a91b}::	Ixtrnlmain	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{bc482c43-4655-4a53-ab39-bf915bf0a91b}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{bc482c43-4655-4a53-ab39-bf915bf0a91b}\typelib::	{E00DE9B9-B128-4C39-B732-B5D85013FA48}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{bc482c43-4655-4a53-ab39-bf915bf0a91b}\typelib::version	1.0	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Fezwmsei\AppData\Local\Temp\nsh5ED9.tmp\time.dll\??\C:\Users\Fezwmsei\AppData\Local\Temp\nsh5ED9.tmp\\??\C:\Use	RegNtPreCreateKey
HKLM\software\classes\interface\{bc482c43-4655-4a53-ab39-bf915bf0a91b}::	Ixtrnlmain	RegNtPreCreateKey
HKLM\software\classes\interface\{bc482c43-4655-4a53-ab39-bf915bf0a91b}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\interface\{bc482c43-4655-4a53-ab39-bf915bf0a91b}\typelib::	{E00DE9B9-B128-4C39-B732-B5D85013FA48}	RegNtPreCreateKey
HKLM\software\classes\interface\{bc482c43-4655-4a53-ab39-bf915bf0a91b}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{78ce4408-3520-4d18-8e5e-5fe6826563a8}::	IappCore	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Fezwmsei\AppData\Local\Temp\nsh5ED9.tmp\time.dll\??\C:\Users\Fezwmsei\AppData\Local\Temp\nsh5ED9.tmp\\??\C:\Use	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{78ce4408-3520-4d18-8e5e-5fe6826563a8}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{78ce4408-3520-4d18-8e5e-5fe6826563a8}\typelib::	{E00DE9B9-B128-4C39-B732-B5D85013FA48}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{78ce4408-3520-4d18-8e5e-5fe6826563a8}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\interface\{78ce4408-3520-4d18-8e5e-5fe6826563a8}::	IappCore	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Fezwmsei\AppData\Local\Temp\nsh5ED9.tmp\time.dll\??\C:\Users\Fezwmsei\AppData\Local\Temp\nsh5ED9.tmp\\??\C:\Use	RegNtPreCreateKey
HKLM\software\classes\interface\{78ce4408-3520-4d18-8e5e-5fe6826563a8}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\interface\{78ce4408-3520-4d18-8e5e-5fe6826563a8}\typelib::	{E00DE9B9-B128-4C39-B732-B5D85013FA48}	RegNtPreCreateKey
HKLM\software\classes\interface\{78ce4408-3520-4d18-8e5e-5fe6826563a8}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{6422960f-40bf-49ed-939d-6152e3a011a7}::	IXtrnlBsc	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Fezwmsei\AppData\Local\Temp\nsh5ED9.tmp\time.dll\??\C:\Users\Fezwmsei\AppData\Local\Temp\nsh5ED9.tmp\\??\C:\Use	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{6422960f-40bf-49ed-939d-6152e3a011a7}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{6422960f-40bf-49ed-939d-6152e3a011a7}\typelib::	{E00DE9B9-B128-4C39-B732-B5D85013FA48}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{6422960f-40bf-49ed-939d-6152e3a011a7}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\interface\{6422960f-40bf-49ed-939d-6152e3a011a7}::	IXtrnlBsc	RegNtPreCreateKey
HKLM\software\classes\interface\{6422960f-40bf-49ed-939d-6152e3a011a7}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\interface\{6422960f-40bf-49ed-939d-6152e3a011a7}\typelib::	{E00DE9B9-B128-4C39-B732-B5D85013FA48}	RegNtPreCreateKey
HKLM\software\classes\interface\{6422960f-40bf-49ed-939d-6152e3a011a7}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{1ad1a6b2-5e7e-4c3e-a225-e82481ddcbde}::	IEHostWnd	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{1ad1a6b2-5e7e-4c3e-a225-e82481ddcbde}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{1ad1a6b2-5e7e-4c3e-a225-e82481ddcbde}\typelib::	{E00DE9B9-B128-4C39-B732-B5D85013FA48}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{1ad1a6b2-5e7e-4c3e-a225-e82481ddcbde}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\interface\{1ad1a6b2-5e7e-4c3e-a225-e82481ddcbde}::	IEHostWnd	RegNtPreCreateKey
HKLM\software\classes\interface\{1ad1a6b2-5e7e-4c3e-a225-e82481ddcbde}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\interface\{1ad1a6b2-5e7e-4c3e-a225-e82481ddcbde}\typelib::	{E00DE9B9-B128-4C39-B732-B5D85013FA48}	RegNtPreCreateKey
HKLM\software\classes\interface\{1ad1a6b2-5e7e-4c3e-a225-e82481ddcbde}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{78602e33-407e-491f-a585-cc13b51f2d06}::	IXmlCnfg	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{78602e33-407e-491f-a585-cc13b51f2d06}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{78602e33-407e-491f-a585-cc13b51f2d06}\typelib::	{E00DE9B9-B128-4C39-B732-B5D85013FA48}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{78602e33-407e-491f-a585-cc13b51f2d06}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\interface\{78602e33-407e-491f-a585-cc13b51f2d06}::	IXmlCnfg	RegNtPreCreateKey
HKLM\software\classes\interface\{78602e33-407e-491f-a585-cc13b51f2d06}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\interface\{78602e33-407e-491f-a585-cc13b51f2d06}\typelib::	{E00DE9B9-B128-4C39-B732-B5D85013FA48}	RegNtPreCreateKey
HKLM\software\classes\interface\{78602e33-407e-491f-a585-cc13b51f2d06}\typelib::version	1.0	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Fezwmsei\AppData\Local\Temp\nsh5ED9.tmp\time.dll\??\C:\Users\Fezwmsei\AppData\Local\Temp\nsh5ED9.tmp\\??\C:\Use	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{07f1dd18-a993-452d-951c-7d1522e45965}::	IRegmapDisp	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{07f1dd18-a993-452d-951c-7d1522e45965}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{07f1dd18-a993-452d-951c-7d1522e45965}\typelib::	{E00DE9B9-B128-4C39-B732-B5D85013FA48}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{07f1dd18-a993-452d-951c-7d1522e45965}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\interface\{07f1dd18-a993-452d-951c-7d1522e45965}::	IRegmapDisp	RegNtPreCreateKey
HKLM\software\classes\interface\{07f1dd18-a993-452d-951c-7d1522e45965}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\interface\{07f1dd18-a993-452d-951c-7d1522e45965}\typelib::	{E00DE9B9-B128-4C39-B732-B5D85013FA48}	RegNtPreCreateKey
HKLM\software\classes\interface\{07f1dd18-a993-452d-951c-7d1522e45965}\typelib::version	1.0	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Fezwmsei\AppData\Local\Temp\nsh5ED9.tmp\time.dll\??\C:\Users\Fezwmsei\AppData\Local\Temp\nsh5ED9.tmp\\??\C:\Use	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{b213fc06-679a-4fdf-86b5-1a2cae2ed186}::	IIEWndFct	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{b213fc06-679a-4fdf-86b5-1a2cae2ed186}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{b213fc06-679a-4fdf-86b5-1a2cae2ed186}\typelib::	{E00DE9B9-B128-4C39-B732-B5D85013FA48}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{b213fc06-679a-4fdf-86b5-1a2cae2ed186}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\interface\{b213fc06-679a-4fdf-86b5-1a2cae2ed186}::	IIEWndFct	RegNtPreCreateKey
HKLM\software\classes\interface\{b213fc06-679a-4fdf-86b5-1a2cae2ed186}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\interface\{b213fc06-679a-4fdf-86b5-1a2cae2ed186}\typelib::	{E00DE9B9-B128-4C39-B732-B5D85013FA48}	RegNtPreCreateKey
HKLM\software\classes\interface\{b213fc06-679a-4fdf-86b5-1a2cae2ed186}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{4819b182-ae43-4f8f-aedd-d007eed9f82e}::	IxpEmphszr	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{4819b182-ae43-4f8f-aedd-d007eed9f82e}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{4819b182-ae43-4f8f-aedd-d007eed9f82e}\typelib::	{E00DE9B9-B128-4C39-B732-B5D85013FA48}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{4819b182-ae43-4f8f-aedd-d007eed9f82e}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\interface\{4819b182-ae43-4f8f-aedd-d007eed9f82e}::	IxpEmphszr	RegNtPreCreateKey
HKLM\software\classes\interface\{4819b182-ae43-4f8f-aedd-d007eed9f82e}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\interface\{4819b182-ae43-4f8f-aedd-d007eed9f82e}\typelib::	{E00DE9B9-B128-4C39-B732-B5D85013FA48}	RegNtPreCreateKey
HKLM\software\classes\interface\{4819b182-ae43-4f8f-aedd-d007eed9f82e}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{f1aac5d3-64e4-42bc-a6ca-b2a4401790d5}::	IwebAtrbts	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{f1aac5d3-64e4-42bc-a6ca-b2a4401790d5}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{f1aac5d3-64e4-42bc-a6ca-b2a4401790d5}\typelib::	{E00DE9B9-B128-4C39-B732-B5D85013FA48}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{f1aac5d3-64e4-42bc-a6ca-b2a4401790d5}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\interface\{f1aac5d3-64e4-42bc-a6ca-b2a4401790d5}::	IwebAtrbts	RegNtPreCreateKey
HKLM\software\classes\interface\{f1aac5d3-64e4-42bc-a6ca-b2a4401790d5}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\interface\{f1aac5d3-64e4-42bc-a6ca-b2a4401790d5}\typelib::	{E00DE9B9-B128-4C39-B732-B5D85013FA48}	RegNtPreCreateKey
HKLM\software\classes\interface\{f1aac5d3-64e4-42bc-a6ca-b2a4401790d5}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{4df1b3dc-dc2f-4f65-9324-48f07cb2632a}::	IEvntCntr	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{4df1b3dc-dc2f-4f65-9324-48f07cb2632a}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{4df1b3dc-dc2f-4f65-9324-48f07cb2632a}\typelib::	{E00DE9B9-B128-4C39-B732-B5D85013FA48}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{4df1b3dc-dc2f-4f65-9324-48f07cb2632a}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\interface\{4df1b3dc-dc2f-4f65-9324-48f07cb2632a}::	IEvntCntr	RegNtPreCreateKey

152 additional registry modifications are not displayed above.

Windows API Usage

Category	API
Network Info Queried	GetAdaptersInfo
Process Manipulation Evasion	NtUnmapViewOfSection
Process Shell Execute	CreateProcess ShellExecute
Network Wininet	HttpOpenRequest HttpSendRequest InternetConnect InternetOpen InternetQueryOption
Anti Debug	OutputDebugString
Keyboard Access	GetKeyState

Shell Command Execution


							open C:\Users\Fezwmsei\AppData\Local\Temp\Check Point Software Technologies LTD\zonealarm\1.8.21.15\zonealarm4ie.exe


							C:\Users\Fezwmsei\AppData\Local\Temp\Check Point Software Technologies LTD\zonealarm\1.8.21.15\zonealarm4ffx.exe


							C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.21.15\zonealarmsrv.exe /RegServer


							"C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.21.15\dntp-zonealarm-ie.exe"  /SILENT /VERYSILENT /SUPPRESSMSGBOXES


							open C:\Users\Hkujgoua\AppData\Local\Temp\Onekit SL\onekit\1.8.29.18\onekit4ie.exe


									C:\Users\Hkujgoua\AppData\Roaming\Onekit SL\onekit\1.8.29.18\onekit4ffx.exe


									"" onekit.xpi

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Adware.Montiera.B

Threat Scorecard

EnigmaSoft Threat Scorecard

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

File Traits

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

Trojan.Injector.KSB

Forestrievic.com

Pencetbnb.xyz

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Pornktube.porn

Discord Shows Black Screen when Sharing Screen