General Info Watch the FULL Interactive Analysis at ANY.RUN!

File name

BitComet_1.37_x86_setup.exe

Verdict
Malicious activity
Analysis date
2/10/2019, 18:16:33
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
loader
Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows
MD5

d40afcc9632b7351191645bc1e13c150

SHA1

1bf87d0e194901cd0dbaa7f633dc83dc42c5dc3d

SHA256

43bf8dafc7ef5193da42b45c181fddfb7cd650c08fdd38f848ff62e9768b646c

SSDEEP

196608:DgHgcreh2lB8Rms+zoNYTr0c1S+aa7s5xGYJq53/wCTdH/RME:DgHgcrcRF+zoCv0rYs5EYJqx/wCBZR

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
120 seconds
Additional time used
60 seconds
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Application was dropped or rewritten from another process
  • GoogleUpdate.exe (PID: 4008)
  • UPNP.exe (PID: 2808)
  • updater.exe (PID: 2168)
  • BitCometService.exe (PID: 2492)
  • BitCometService.exe (PID: 3104)
  • UPNP.exe (PID: 3952)
  • BitComet.exe (PID: 3088)
  • GoogleToolbarStandaloneSetup_latest.exe (PID: 2140)
  • bitcomet_toolbar.exe (PID: 2408)
  • http_Downloader.exe (PID: 3060)
Loads dropped or rewritten executable
  • GoogleUpdate.exe (PID: 4008)
  • bitcomet_toolbar.exe (PID: 2408)
  • BitComet_1.37_x86_setup.exe (PID: 2460)
Downloads executable files from the Internet
  • updater.exe (PID: 2168)
  • http_Downloader.exe (PID: 3060)
Changes the autorun value in the registry
  • BitComet_1.37_x86_setup.exe (PID: 2460)
Connects to unusual port
  • BitComet.exe (PID: 3088)
Executable content was dropped or overwritten
  • updater.exe (PID: 2168)
  • GoogleUpdate.exe (PID: 4008)
  • GoogleToolbarStandaloneSetup_latest.exe (PID: 2140)
  • bitcomet_toolbar.exe (PID: 2408)
  • http_Downloader.exe (PID: 3060)
  • BitComet_1.37_x86_setup.exe (PID: 2460)
Modifies the open verb of a shell class
  • BitComet.exe (PID: 3088)
  • BitComet_1.37_x86_setup.exe (PID: 2460)
Reads Internet Cache Settings
  • BitComet.exe (PID: 3088)
Creates files in the user directory
  • BitComet.exe (PID: 3088)
  • BitComet_1.37_x86_setup.exe (PID: 2460)
Reads internet explorer settings
  • BitComet.exe (PID: 3088)
Creates files in the program directory
  • GoogleUpdate.exe (PID: 4008)
  • GoogleToolbarStandaloneSetup_latest.exe (PID: 2140)
  • BitComet_1.37_x86_setup.exe (PID: 2460)
Creates or modifies windows services
  • BitCometService.exe (PID: 3104)
Creates a software uninstall entry
  • BitComet_1.37_x86_setup.exe (PID: 2460)
Creates files in the Windows directory
  • bitcomet_toolbar.exe (PID: 2408)
Creates COM task schedule object
  • BitComet_1.37_x86_setup.exe (PID: 2460)
Dropped object may contain Bitcoin addresses
  • BitComet_1.37_x86_setup.exe (PID: 2460)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

TRiD
.exe
|   Win32 Executable MS Visual C++ (generic) (42.2%)
.exe
|   Win64 Executable (generic) (37.3%)
.dll
|   Win32 Dynamic Link Library (generic) (8.8%)
.exe
|   Win32 Executable (generic) (6%)
.exe
|   Generic Win/DOS Executable (2.7%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2012:02:24 20:19:59+01:00
PEType:
PE32
LinkerVersion:
10
CodeSize:
28672
InitializedDataSize:
54272
UninitializedDataSize:
16896
EntryPoint:
0x39e3
OSVersion:
5
ImageVersion:
6
SubsystemVersion:
5
Subsystem:
Windows GUI
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
24-Feb-2012 19:19:59
Detected languages
English - United States
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x000000D0
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
6
Time date stamp:
24-Feb-2012 19:19:59
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
Sections
Name Virtual Address Virtual Size Raw Size Charateristics Entropy
.text 0x00001000 0x00006F10 0x00007000 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 6.49788
.rdata 0x00008000 0x00002A92 0x00002C00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 4.39389
.data 0x0000B000 0x00067EBC 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 1.47278
.ndata 0x00073000 0x000F1000 0x00000000 IMAGE_SCN_CNT_UNINITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0
.rsrc 0x00164000 0x00009490 0x00009600 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 4.86699
.reloc 0x0016E000 0x00000F8A 0x00001000 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_DISCARDABLE,IMAGE_SCN_MEM_READ 4.56931
Resources
1

2

3

4

5

6

7

8

102

103

104

105

106

107

110

111

202

203

204

205

206

207

211

302

303

304

305

306

307

311

402

403

404

405

406

407

411

502

503

504

505

506

507

511

Imports
    KERNEL32.dll

    USER32.dll

    GDI32.dll

    SHELL32.dll

    ADVAPI32.dll

    COMCTL32.dll

    ole32.dll

    VERSION.dll

Exports

    No exports.

Screenshots

Processes

Total processes
46
Monitored processes
12
Malicious processes
4
Suspicious processes
3

Behavior graph

+
drop and start drop and start drop and start start download and start drop and start drop and start bitcomet_1.37_x86_setup.exe no specs bitcomet_1.37_x86_setup.exe http_downloader.exe bitcomet_toolbar.exe bitcometservice.exe googletoolbarstandalonesetup_latest.exe googleupdate.exe bitcomet.exe bitcometservice.exe upnp.exe no specs upnp.exe no specs updater.exe
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
3368
CMD
"C:\Users\admin\AppData\Local\Temp\BitComet_1.37_x86_setup.exe"
Path
C:\Users\admin\AppData\Local\Temp\BitComet_1.37_x86_setup.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
3221226540
Version:
Company
Description
Version
Modules
Image

PID
2460
CMD
"C:\Users\admin\AppData\Local\Temp\BitComet_1.37_x86_setup.exe"
Path
C:\Users\admin\AppData\Local\Temp\BitComet_1.37_x86_setup.exe
Indicators
Parent process
––
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\bitcomet_1.37_x86_setup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\version.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\users\admin\appdata\local\temp\nsk809c.tmp\langdll.dll
c:\windows\system32\uxtheme.dll
c:\users\admin\appdata\local\temp\nsk809c.tmp\system.dll
c:\users\admin\appdata\local\temp\nsk809c.tmp\bcnsishelper.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\oledlg.dll
c:\windows\system32\userenv.dll
c:\windows\system32\riched20.dll
c:\users\admin\appdata\local\temp\nsk809c.tmp\installoptions.dll
c:\users\admin\appdata\local\temp\nsk809c.tmp\gtapi.dll
c:\users\admin\appdata\local\temp\nsk809c.tmp\gcapi.dll
c:\windows\system32\winmm.dll
c:\users\admin\appdata\local\temp\nsk809c.tmp\installoptionsex.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\asycfilt.dll
c:\windows\system32\sspicli.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\users\admin\appdata\local\temp\nsk809c.tmp\http_downloader.exe
c:\program files\bitcomet\tools\bitcometagent_1.5.4.11.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\program files\bitcomet\tools\bitcometservice.exe
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\program files\bitcomet\bitcomet.exe
c:\users\admin\appdata\local\temp\nsk809c.tmp\nsisunz.dll
c:\program files\bitcomet\tools\bitcometbho_1.5.4.11.dll
c:\windows\system32\netutils.dll

PID
3060
CMD
"C:\Users\admin\AppData\Local\Temp\nsk809C.tmp\http_Downloader.exe" /googletoolbar
Path
C:\Users\admin\AppData\Local\Temp\nsk809C.tmp\http_Downloader.exe
Indicators
Parent process
BitComet_1.37_x86_setup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\nsk809c.tmp\http_downloader.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\version.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\propsys.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\users\admin\appdata\local\temp\bitcomet_toolbar.exe

PID
2408
CMD
"C:\Users\admin\AppData\Local\Temp\bitcomet_toolbar.exe" /r:SHA /h:set /d:set
Path
C:\Users\admin\AppData\Local\Temp\bitcomet_toolbar.exe
Indicators
Parent process
http_Downloader.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Google Inc.
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\bitcomet_toolbar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\version.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\users\admin\appdata\local\temp\nsje1e6.tmp\system.dll
c:\users\admin\appdata\local\temp\googletoolbarstandalonesetup_latest.exe

PID
3104
CMD
"C:\Program Files\BitComet\tools\BitCometService.exe" /reg
Path
C:\Program Files\BitComet\tools\BitCometService.exe
Indicators
Parent process
BitComet_1.37_x86_setup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
www.BitComet.com
Description
BitComet disk boost service
Version
1.25
Modules
Image
c:\program files\bitcomet\tools\bitcometservice.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winspool.drv
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll

PID
2140
CMD
C:\Users\admin\AppData\Local\Temp\GoogleToolbarStandaloneSetup_latest.exe /install "appguid={F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}&appname=Google%20Toolbar&needsadmin=True&brand=SHAB" /silent /appargs "appguid={F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}&installerdata=gb%26h%3dset%26d%3dset"
Path
C:\Users\admin\AppData\Local\Temp\GoogleToolbarStandaloneSetup_latest.exe
Indicators
Parent process
bitcomet_toolbar.exe
User
admin
Integrity Level
HIGH
Exit code
2147747592
Version:
Company
Google Inc.
Description
Google Update Setup
Version
1.3.21.115
Modules
Image
c:\users\admin\appdata\local\temp\googletoolbarstandalonesetup_latest.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\apphelp.dll
c:\program files\gume271.tmp\googleupdate.exe

PID
4008
CMD
"C:\Program Files\GUME271.tmp\GoogleUpdate.exe" /install "appguid={F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}&appname=Google%20Toolbar&needsadmin=True&brand=SHAB" /silent /appargs "appguid={F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}&installerdata=gb%26h%3dset%26d%3dset"
Path
C:\Program Files\GUME271.tmp\GoogleUpdate.exe
Indicators
Parent process
GoogleToolbarStandaloneSetup_latest.exe
User
admin
Integrity Level
HIGH
Exit code
2147747592
Version:
Company
Google Inc.
Description
Google Installer
Version
1.3.21.103
Modules
Image
c:\windows\system32\sspicli.dll
c:\windows\system32\credssp.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\program files\gume271.tmp\googleupdate.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\program files\gume271.tmp\goopdate.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\msi.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\version.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\program files\gume271.tmp\goopdateres_en.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\propsys.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\psapi.dll

PID
3088
CMD
"C:\Program Files\BitComet\BitComet.exe"
Path
C:\Program Files\BitComet\BitComet.exe
Indicators
Parent process
BitComet_1.37_x86_setup.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
www.BitComet.com
Description
BitComet - a BitTorrent Client
Version
1.37
Modules
Image
c:\program files\bitcomet\bitcomet.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\winmm.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\version.dll
c:\windows\system32\winspool.drv
c:\windows\system32\comdlg32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\profapi.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\uxtheme.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\sxs.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\program files\bitcomet\tools\upnp.exe
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\inetcomm.dll
c:\windows\system32\msoert2.dll
c:\windows\system32\inetres.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\userenv.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\jscript.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\xmllite.dll
c:\program files\bitcomet\tools\updater.exe

PID
2492
CMD
"C:\Program Files\BitComet\tools\BitCometService.exe" -service
Path
C:\Program Files\BitComet\tools\BitCometService.exe
Indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
www.BitComet.com
Description
BitComet disk boost service
Version
1.25
Modules
Image
c:\program files\bitcomet\tools\bitcometservice.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winspool.drv
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

PID
3952
CMD
"C:\Program Files\BitComet\tools\UPNP.exe" -addfw -app BitComet -tcpport 22201 -udpport 22201 -q
Path
C:\Program Files\BitComet\tools\UPNP.exe
Indicators
No indicators
Parent process
BitComet.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
www.BitComet.com
Description
UPNP config tool for BitComet
Version
1.0
Modules
Image
c:\program files\bitcomet\tools\upnp.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\oledlg.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\version.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\atl.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\slc.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll

PID
2808
CMD
"C:\Program Files\BitComet\tools\UPNP.exe" -add -app BitComet -lanip 192.168.100.104 -tcpport 22201 -udpport 22201 -q
Path
C:\Program Files\BitComet\tools\UPNP.exe
Indicators
No indicators
Parent process
BitComet.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
www.BitComet.com
Description
UPNP config tool for BitComet
Version
1.0
Modules
Image
c:\program files\bitcomet\tools\upnp.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\oledlg.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\atl.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\slc.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\npmproxy.dll
c:\windows\system32\upnp.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\ssdpapi.dll

PID
2168
CMD
"C:\Program Files\BitComet\tools\updater.exe" "C:\Users\admin\AppData\Local\Temp\Bit5C0.tmp"
Path
C:\Program Files\BitComet\tools\updater.exe
Indicators
Parent process
BitComet.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\program files\bitcomet\tools\updater.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\version.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll

Registry activity

Total events
1762
Read events
1463
Write events
291
Delete events
8

Modification events

PID
Process
Operation
Key
Name
Value
2460
BitComet_1.37_x86_setup.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Google Toolbar
2460
BitComet_1.37_x86_setup.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Google\GCAPITemp
2460
BitComet_1.37_x86_setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted
C:\Users\admin\AppData\Local\Temp\BitComet_1.37_x86_setup.exe
1
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Google Toolbar
test
test
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\GCAPITemp
test
te
2460
BitComet_1.37_x86_setup.exe
write
HKEY_CURRENT_USER\Software\BitComet
NeedGoogleToolBar
0
2460
BitComet_1.37_x86_setup.exe
write
HKEY_CURRENT_USER\Software\BitComet
GoogleToolBarInstalled
0
2460
BitComet_1.37_x86_setup.exe
write
HKEY_CURRENT_USER\Software\BitComet
NeedGoogleToolBar
1
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B99B5DF3-3AD2-463F-8F8C-86787623E1D5}
BitCometAgent
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BitCometAgent.DLL
AppID
{B99B5DF3-3AD2-463F-8F8C-86787623E1D5}
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BitCometAgent.BcAgent.1
BitComet Agent
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BitCometAgent.BcAgent.1\CLSID
{C8FF2A06-638A-4913-8403-50294CFF6608}
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BitCometAgent.BcAgent
BitComet Agent
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BitCometAgent.BcAgent\CLSID
{C8FF2A06-638A-4913-8403-50294CFF6608}
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BitCometAgent.BcAgent\CurVer
BitCometAgent.BcAgent.1
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C8FF2A06-638A-4913-8403-50294CFF6608}
BitComet Agent
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C8FF2A06-638A-4913-8403-50294CFF6608}\ProgID
BitCometAgent.BcAgent.1
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C8FF2A06-638A-4913-8403-50294CFF6608}\VersionIndependentProgID
BitCometAgent.BcAgent
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C8FF2A06-638A-4913-8403-50294CFF6608}\InprocServer32
C:\Program Files\BitComet\tools\BitCometAgent_1.5.4.11.dll
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C8FF2A06-638A-4913-8403-50294CFF6608}\InprocServer32
ThreadingModel
Apartment
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C8FF2A06-638A-4913-8403-50294CFF6608}
AppID
{B99B5DF3-3AD2-463F-8F8C-86787623E1D5}
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C8FF2A06-638A-4913-8403-50294CFF6608}\TypeLib
{2D2C1FBD-624D-4789-9AE0-F4B66F9EE6E2}
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2D2C1FBD-624D-4789-9AE0-F4B66F9EE6E2}\1.0
BitCometAgent 1.0 ÀàÐÍ¿â
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2D2C1FBD-624D-4789-9AE0-F4B66F9EE6E2}\1.0\FLAGS
0
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2D2C1FBD-624D-4789-9AE0-F4B66F9EE6E2}\1.0\0\win32
C:\Program Files\BitComet\tools\BitCometAgent_1.5.4.11.dll
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2D2C1FBD-624D-4789-9AE0-F4B66F9EE6E2}\1.0\HELPDIR
C:\Program Files\BitComet\tools
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E8A058D1-C830-437F-A029-10D777A8DD40}
IBcAgent
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E8A058D1-C830-437F-A029-10D777A8DD40}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E8A058D1-C830-437F-A029-10D777A8DD40}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E8A058D1-C830-437F-A029-10D777A8DD40}\TypeLib
{2D2C1FBD-624D-4789-9AE0-F4B66F9EE6E2}
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E8A058D1-C830-437F-A029-10D777A8DD40}\TypeLib
Version
1.0
2460
BitComet_1.37_x86_setup.exe
write
HKEY_CURRENT_USER\Software\BitComet
C:\Program Files\BitComet
2460
BitComet_1.37_x86_setup.exe
write
HKEY_CURRENT_USER\Software\BitComet
InstallSettingCaptureIEDownload
0
2460
BitComet_1.37_x86_setup.exe
write
HKEY_CURRENT_USER\Software\BitComet\BitComet
CaptureIEDownload
0
2460
BitComet_1.37_x86_setup.exe
write
HKEY_CURRENT_USER\Software\BitComet
Install Date
20190210
2460
BitComet_1.37_x86_setup.exe
write
HKEY_CURRENT_USER\Software\BitComet
NewInstall
1
2460
BitComet_1.37_x86_setup.exe
write
HKEY_CURRENT_USER\Software\BitComet
PackageName
BitComet_1.37_x86_setup.exe
2460
BitComet_1.37_x86_setup.exe
write
HKEY_CLASSES_ROOT\.torrent
bittorrent
2460
BitComet_1.37_x86_setup.exe
write
HKEY_CLASSES_ROOT\bittorrent
BitComet File
2460
BitComet_1.37_x86_setup.exe
write
HKEY_CLASSES_ROOT\bittorrent\shell\open\command
"C:\Program Files\BitComet\BitComet.exe"
2460
BitComet_1.37_x86_setup.exe
write
HKEY_CLASSES_ROOT\bittorrent\shell\open\ddeexec
[open("%1")]
2460
BitComet_1.37_x86_setup.exe
write
HKEY_CLASSES_ROOT\bittorrent\shell\open\ddeexec\Application
BitComet
2460
BitComet_1.37_x86_setup.exe
write
HKEY_CLASSES_ROOT\bittorrent\shell\open\ddeexec\Topic
TORRENT
2460
BitComet_1.37_x86_setup.exe
write
HKEY_CLASSES_ROOT\bittorrent\DefaultIcon
"C:\Program Files\BitComet\BitComet.exe",1
2460
BitComet_1.37_x86_setup.exe
write
HKEY_CLASSES_ROOT\.torrent
Content Type
application/x-bittorrent
2460
BitComet_1.37_x86_setup.exe
write
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-bittorrent
Extension
.torrent
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bc
URL: BitComet Transfer Protocol
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bc
URL Protocol
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bc\DefaultIcon
"C:\Program Files\BitComet\BitComet.exe",1
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bc\shell\open\command
"C:\Program Files\BitComet\BitComet.exe" /url "%1"
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\magnet
URL: MAGNET-URI Protocol
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\magnet
Content Type
application/x-magnet
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\magnet
URL Protocol
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\magnet\DefaultIcon
"C:\Program Files\BitComet\BitComet.exe",1
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\magnet\shell\open\command
"C:\Program Files\BitComet\BitComet.exe" /url "%1"
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{59CABE4F-3BB1-43bf-8AF1-D08E4C6F1660}
Policy
3
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{59CABE4F-3BB1-43bf-8AF1-D08E4C6F1660}
AppName
BitComet.exe
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{59CABE4F-3BB1-43bf-8AF1-D08E4C6F1660}
AppPath
C:\Program Files\BitComet
2460
BitComet_1.37_x86_setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2460
BitComet_1.37_x86_setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2460
BitComet_1.37_x86_setup.exe
write
HKEY_CURRENT_USER\Software\BitComet
DesktopShortcut
BitComet
2460
BitComet_1.37_x86_setup.exe
write
HKEY_CURRENT_USER\Software\BitComet
InstallSettingCaptureIEDownload
1
2460
BitComet_1.37_x86_setup.exe
write
HKEY_CURRENT_USER\Software\BitComet\BitComet
CaptureIEDownload
1
2460
BitComet_1.37_x86_setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer
DownloadUI
{A8DC7D60-AD8F-491E-9A84-8FF901E7556E}
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer
DownloadUI
{A8DC7D60-AD8F-491E-9A84-8FF901E7556E}
2460
BitComet_1.37_x86_setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download link using &BitComet
res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
2460
BitComet_1.37_x86_setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download link using &BitComet
contexts
34
2460
BitComet_1.37_x86_setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download link using &BitComet
BitCometCreated
1
2460
BitComet_1.37_x86_setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download all links using BitComet
res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
2460
BitComet_1.37_x86_setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download all links using BitComet
contexts
243
2460
BitComet_1.37_x86_setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download all links using BitComet
BitCometCreated
1
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{00980C9D-751F-4A5F-B6CE-6D81998264FD}
BitCometBHO
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BitCometBHO.DLL
AppID
{00980C9D-751F-4A5F-B6CE-6D81998264FD}
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BitCometBHO.CIEClickCapture.1
BitComet Helper
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BitCometBHO.CIEClickCapture.1\CLSID
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BitCometBHO.CIEClickCapture
BitComet Helper
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BitCometBHO.CIEClickCapture\CLSID
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BitCometBHO.CIEClickCapture\CurVer
BitCometBHO.CIEClickCapture.1
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}
BitComet Helper
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\ProgID
BitCometBHO.CIEClickCapture.1
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\VersionIndependentProgID
BitCometBHO.CIEClickCapture
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\InprocServer32
C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\InprocServer32
ThreadingModel
Apartment
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}
AppID
{00980C9D-751F-4A5F-B6CE-6D81998264FD}
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\TypeLib
{66A8414F-F2E4-4766-BE09-8F72CDDACED4}
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}
BitComet ClickCapture
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BitCometBHO.DownloadManager.1
DownloadManager Class
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BitCometBHO.DownloadManager.1\CLSID
{A8DC7D60-AD8F-491E-9A84-8FF901E7556E}
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BitCometBHO.DownloadManager
DownloadManager Class
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BitCometBHO.DownloadManager\CLSID
{A8DC7D60-AD8F-491E-9A84-8FF901E7556E}
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BitCometBHO.DownloadManager\CurVer
BitCometBHO.DownloadManager.1
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A8DC7D60-AD8F-491E-9A84-8FF901E7556E}
DownloadManager Class
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A8DC7D60-AD8F-491E-9A84-8FF901E7556E}\ProgID
BitCometBHO.DownloadManager.1
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A8DC7D60-AD8F-491E-9A84-8FF901E7556E}\VersionIndependentProgID
BitCometBHO.DownloadManager
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A8DC7D60-AD8F-491E-9A84-8FF901E7556E}\InprocServer32
C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A8DC7D60-AD8F-491E-9A84-8FF901E7556E}\InprocServer32
ThreadingModel
Apartment
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A8DC7D60-AD8F-491E-9A84-8FF901E7556E}
AppID
{00980C9D-751F-4A5F-B6CE-6D81998264FD}
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A8DC7D60-AD8F-491E-9A84-8FF901E7556E}\TypeLib
{66A8414F-F2E4-4766-BE09-8F72CDDACED4}
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{66A8414F-F2E4-4766-BE09-8F72CDDACED4}\1.0
BitCometBHO 1.0 ÀàÐÍ¿â
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{66A8414F-F2E4-4766-BE09-8F72CDDACED4}\1.0\FLAGS
0
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{66A8414F-F2E4-4766-BE09-8F72CDDACED4}\1.0\0\win32
C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{66A8414F-F2E4-4766-BE09-8F72CDDACED4}\1.0\HELPDIR
C:\Program Files\BitComet\tools
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F08F65A5-7F91-45D7-A119-12AC4AB3D229}
IIEClickCapture
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F08F65A5-7F91-45D7-A119-12AC4AB3D229}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F08F65A5-7F91-45D7-A119-12AC4AB3D229}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F08F65A5-7F91-45D7-A119-12AC4AB3D229}\TypeLib
{66A8414F-F2E4-4766-BE09-8F72CDDACED4}
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F08F65A5-7F91-45D7-A119-12AC4AB3D229}\TypeLib
Version
1.0
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6CFA2528-2725-491D-8E0D-E67AB5C5A17A}
IDownloadManager_Place
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6CFA2528-2725-491D-8E0D-E67AB5C5A17A}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6CFA2528-2725-491D-8E0D-E67AB5C5A17A}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6CFA2528-2725-491D-8E0D-E67AB5C5A17A}\TypeLib
{66A8414F-F2E4-4766-BE09-8F72CDDACED4}
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6CFA2528-2725-491D-8E0D-E67AB5C5A17A}\TypeLib
Version
1.0
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A}
Default Visible
YES
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A}
ButtonText
BitComet
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A}
HotIcon
C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll,203
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A}
Icon
C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll,203
2460
BitComet_1.37_x86_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Ex