Category FILE
Started On 2017-01-28 23:55:10.770617
Completed On 2017-01-28 23:55:53.165397
Duration 42 seconds
Cuckoo Version 2.0-dev
Machine Label Manager Started On Shutdown On
win7cuckoo win7 Clone 1 VirtualBox 2017-01-28 23:55:11 2017-01-28 23:55:53

File Details

File name a37b294c5f10ca4438d1b8dada5dc53dfedd2b04.zip
File size 3284289 bytes
File type Zip archive data, at least v2.0 to extract
CRC32 2521EA1B
MD5 fe3b4f7037fe25c00f3ac32714b4cdbc
SHA1 a37b294c5f10ca4438d1b8dada5dc53dfedd2b04
SHA256 9387e018b9d4342ac200f6c73ba27c2b0a35b015939a5ddef413fe5c56718bea
SHA512 960364d14c264aecc3af9669d975c4b11ccf985cda42ddd79e32ff1183c32fd5c57265a9fde6253c551c7ad813b8b712d9e787ccd68442dd4c03fa23ff8f772d
Ssdeep 98304:zQAnp7TNMNGIhwJzlZ5tpjstnQUV11ur7thtb:zj7xShUJZ5TjstQMSnthd
PEiD None matched
Yara
  • shellcode (Matched shellcode byte patterns)
VirusTotal
Scan Date: 2017-01-13 15:05:24
Detection Rate: 1/58

MetaFlows Scores

Metaflows Analysis Results (Signatures=75, Anomalies=0, PEiD=0, Yara=2, VT[1485647762]=0): Snort Events=0, AV Events=0
Total Score=75

Dropped File/Buffer Yara Signatures:
nu.exe: vmdetect


Zipped File Yara Signatures:
nu.exe: vmdetect

Signatures

antivm_queries_computername
recon_fingerprint
antivm_memory_available
Attempt_to_open_VBA_AutoRun
Jalik_Trojan_Behavior
persistence_ads
antiav_detectreg
antidbg_devices
antidbg_windows
antivm_generic_bios
antivm_generic_disk
antivm_vmware_in_instruction

Screenshots

No screenshots available.

Static Analysis

Nothing to display.

Dropped Files

9a5195f38093db2e_applog.log

667041c06f8ba1d8_~DF0E4AFD56DE802D29.TMP

nu.exe

Network Analysis

Hosts Involved

DNS Requests

Behavior Summary

File-Read
  • C:\Users\Harry Dresden\Documents\desktop.ini
  • C:\Users\Harry Dresden\AppData\Local\Temp\nu.exe
  • C:\Users\desktop.ini
  • C:\Users\Harry Dresden\AppData\Local\Temp\AppLog.log
File-Written
  • C:\Users\Harry Dresden\AppData\Local\Temp\AppLog.log
File-Deleted
  • C:\Users\Harry Dresden\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000000.db
  • C:\Users\Harry Dresden\AppData\Local\Temp\~DF0E4AFD56DE802D29.TMP
File-Opened
  • C:\Users\Harry Dresden
  • C:\
  • C:\Users\Harry Dresden\AppData\Local\Temp\AppLog.log
  • C:\Users\desktop.ini
  • \??\C:
  • C:\Users
  • C:\Users\Harry Dresden\Documents\desktop.ini
  • C:\Users\Harry Dresden\AppData\Local\Temp\nu.exe
  • C:\Windows\SysWOW64\en-US\KERNELBASE.dll.mui
Directory-Created
  • C:\Users\Harry Dresden\AppData\Local\Microsoft\Windows\Caches
  • C:\Users\Harry Dresden\AppData\Local\Temp\ref
  • C:\Users\Harry Dresden\Documents\Norton Utilities 16\Recovered Files
  • C:\Users\Harry Dresden\AppData\Local\Temp\backup
  • C:\Users\Harry Dresden\AppData\Local\Temp\log
  • C:\ProgramData\TEMP
  • C:\Users\Harry Dresden\Documents\Norton Utilities 16
  • C:\Users\Harry Dresden\AppData\Local\Temp\data
Directory-Enumerated
  • C:\*
  • C:\Users\Harry Dresden\AppData\Local\Temp\PTNorton Utilities.hlp
  • C:\Users\Harry Dresden\AppData\Local\Temp\*
  • C:\Users\Harry Dresden\AppData\Local\Temp\Norton Utilities.chm
  • C:\Users\Harry Dresden\Documents\Norton Utilities 16\nul
  • C:\Users\Harry Dresden\Documents\Norton Utilities 16\Recovered Files\*.*
  • C:\Users\Harry Dresden\Documents\Norton Utilities 16\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\Norton Utilities.hlp
  • C:\Users\Harry Dresden\Documents\Norton Utilities 16\Recovered Files\nul
  • C:\Windows\System32\*
  • C:\Users\Harry Dresden\AppData\Local\Temp\PTNorton Utilities.chm
  • C:\Users\Harry Dresden\AppData\Local\Temp\Scheduler.dll
  • C:\Users\Harry Dresden\AppData\Local\Temp\AppLog.log
  • C:\Windows\*
Registry Key-Opened
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7BA11F52-FB2A-2353-8397-C983A3631FD9}\DataFormats\GetSet\2
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7BA11F52-FB2A-2353-8397-C983A3631FD9}\DataFormats\GetSet\3
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7BA11F52-FB2A-2353-8397-C983A3631FD9}\DataFormats\GetSet\0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7BA11F52-FB2A-2353-8397-C983A3631FD9}\DataFormats\GetSet\1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7BA11F52-FB2A-2353-8397-C983A3631FD9}\DataFormats\GetSet\4
  • HKEY_CURRENT_USER\CLSID\{6F788FCB-5746-4B4C-93B1-120684416B3B}
  • HKEY_CLASSES_ROOT\Directory
  • HKEY_CURRENT_USER\Software\Symantec\Norton Utilities 16\Settings\General
  • HKEY_CURRENT_USER\CLSID\{80FE1E82-78E4-4DBD-B5D4-0E66DDF186CB}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VBA\Monitors
  • HKEY_CURRENT_USER\CLSID\{9C9491CC-08DD-49FD-B092-042565E648FD}
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
  • HKEY_CURRENT_USER\Directory\DocObject
  • HKEY_CURRENT_USER\CLSID\{78DC156D-5764-4FC0-BB3D-D01E98947952}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{048EB43E-2059-422F-95E0-557DA96038AF}\VersionIndependentProgID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7BA11F52-FB2A-2353-8397-C983A3631FD9}\ProgID
  • HKEY_CURRENT_USER\Software\Symantec\Norton Utilities 16\Settings\RegScan
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7BA11F52-FB2A-2353-8397-C983A3631FD9}\wlfpgkcea
  • HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions
  • HKEY_CURRENT_USER\CLSID\{B00BB3E3-D8CA-420A-B428-001719961E95}
  • HKEY_CURRENT_USER\Software\Symantec\Norton Utilities 16\Settings\Uninstaller
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7BA11F52-FB2A-2353-8397-C983A3631FD9}\VersionIndependentProgID
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
  • HKEY_LOCAL_MACHINE\Software\Symantec\Norton Utilities 16\Settings
  • HKEY_CURRENT_USER\CLSID\{E5CC2978-E8A5-4C1D-941F-3B6AABD86D8B}
  • HKEY_CURRENT_USER\Software\Symantec\Norton Utilities 16\Settings\FileRecovery
  • HKEY_CURRENT_USER\CLSID\{E9ABF673-C77E-4C84-86BE-3CFA116419F5}
  • HKEY_CURRENT_USER\CLSID\{2081184B-FFC6-4D81-853C-EA255F300460}
  • HKEY_CLASSES_ROOT\CLSID\{7BA11F52-FB2A-2353-8397-C983A3631FD9}
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{048EB43E-2059-422F-95E0-557DA96038AF}\AuxUserType\3
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{048EB43E-2059-422F-95E0-557DA96038AF}\AuxUserType\2
  • HKEY_CURRENT_USER\Software\Symantec\Norton Utilities 16\Settings\Shredder
  • HKEY_CURRENT_USER\CLSID\{DA65A422-081F-4778-AF9E-B5F57EC828FE}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\BrowseInPlace
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{048EB43E-2059-422F-95E0-557DA96038AF}\Insertable
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{048EB43E-2059-422F-95E0-557DA96038AF}\Verb\1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\Clsid
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{048EB43E-2059-422F-95E0-557DA96038AF}\Verb
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{048EB43E-2059-422F-95E0-557DA96038AF}\DataFormats
  • HKEY_CURRENT_USER\Directory\CurVer
  • HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\Tracing
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{b9fc273d-d442-11e0-8ee6-806e6f6e6963}\
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
  • HKEY_CURRENT_USER\Wow6432Node\CLSID\{048EB43E-2059-422F-95E0-557DA96038AF}
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{048EB43E-2059-422F-95E0-557DA96038AF}\InprocHandler32
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7BA11F52-FB2A-2353-8397-C983A3631FD9}\DefaultIcon
  • HKEY_CURRENT_USER\CLSID\{CB83805E-4CEC-4CA2-B34A-31A5F6AF44FB}
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Explorer
  • HKEY_CURRENT_USER\CLSID\{5275C436-C7F2-48A5-9A5B-43C9123D5374}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7BA11F52-FB2A-2353-8397-C983A3631FD9}\DataFormats\GetSet
  • HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
  • HKEY_LOCAL_MACHINE\Hardware\Description\System
  • HKEY_LOCAL_MACHINE\Software\Symantec\Norton Utilities 16\Urls
  • HKEY_CURRENT_USER\CLSID\{F02B9993-0E43-4F24-8E0E-F9C03C896248}
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\Directory
  • HKEY_LOCAL_MACHINE\Software\Licenses
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\DocObject
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\HTML Help
  • HKEY_CURRENT_USER\CLSID\{EF208CFA-ED89-48BE-A160-44352BFBF169}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7BA11F52-FB2A-2353-8397-C983A3631FD9}\Conversion\Readable
  • HKEY_LOCAL_MACHINE\Software\Microsoft\RFC1156Agent\CurrentVersion\Parameters
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{048EB43E-2059-422F-95E0-557DA96038AF}\Conversion
  • HKEY_CURRENT_USER\CLSID\{2A22EA85-5AB0-4897-B475-B722A76C1EB8}
  • HKEY_CURRENT_USER\CLSID\{F3E14D91-7B6A-439D-9FF2-ACE2C601A37D}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7BA11F52-FB2A-2353-8397-C983A3631FD9}\DefaultExtension
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{048EB43E-2059-422F-95E0-557DA96038AF}\DataFormats\GetSet\0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\IconHandler
  • HKEY_CURRENT_USER\Directory\BrowseInPlace
  • HKEY_CURRENT_USER\Software\Symantec\Norton Utilities 16\Settings
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7BA11F52-FB2A-2353-8397-C983A3631FD9}\Conversion\Readable\Main
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7BA11F52-FB2A-2353-8397-C983A3631FD9}\MiscStatus
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Rpc
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\DocObject
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7BA11F52-FB2A-2353-8397-C983A3631FD9}\InprocHandler32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7BA11F52-FB2A-2353-8397-C983A3631FD9}\LocalServer32
  • HKEY_LOCAL_MACHINE\Software\Microsoft\OLE
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Setup
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Shell\RegisteredApplications\UrlAssociations\Directory\OpenWithProgids
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{048EB43E-2059-422F-95E0-557DA96038AF}\LocalServer32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{048EB43E-2059-422F-95E0-557DA96038AF}\Verb\0
  • HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}
  • HKEY_CURRENT_USER\CLSID\{1EB49D53-FC53-4564-B053-5B4F6FB8014E}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{048EB43E-2059-422F-95E0-557DA96038AF}\DefaultExtension
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{048EB43E-2059-422F-95E0-557DA96038AF}\DataFormats\GetSet\1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7BA11F52-FB2A-2353-8397-C983A3631FD9}\Verb
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{048EB43E-2059-422F-95E0-557DA96038AF}\DataFormats\GetSet\3
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{048EB43E-2059-422F-95E0-557DA96038AF}\DataFormats\GetSet\2
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{048EB43E-2059-422F-95E0-557DA96038AF}\DataFormats\GetSet\4
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{b9fc2740-d442-11e0-8ee6-806e6f6e6963}\
  • HKEY_LOCAL_MACHINE\Software\Symantec\Norton Utilities 16\Paths
  • HKEY_LOCAL_MACHINE\Software\The Silicon Realms Toolworks\Armadillo
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7BA11F52-FB2A-2353-8397-C983A3631FD9}\Conversion
  • HKEY_CURRENT_USER\Directory\(Default)
  • HKEY_CURRENT_USER\CLSID\{33500F32-5F9A-4389-BA37-434E611AD1A4}
  • HKEY_CURRENT_USER\Directory\ShellEx\IconHandler
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\Clsid
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Ole
  • HKEY_CLASSES_ROOT\CLSID
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{048EB43E-2059-422F-95E0-557DA96038AF}\DataFormats\DefaultFile
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7BA11F52-FB2A-2353-8397-C983A3631FD9}\AuxUserType\2
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7BA11F52-FB2A-2353-8397-C983A3631FD9}\AuxUserType\3
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{048EB43E-2059-422F-95E0-557DA96038AF}\DataFormats\GetSet
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7BA11F52-FB2A-2353-8397-C983A3631FD9}\Insertable
  • HKEY_CURRENT_USER\CLSID\{4989160D-8207-45D5-9FB7-FEB21FD2BD06}
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{048EB43E-2059-422F-95E0-557DA96038AF}\MiscStatus
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{b9fc273c-d442-11e0-8ee6-806e6f6e6963}\
  • HKEY_CURRENT_USER\CLSID\{ADB54B49-A298-4445-9981-E8232B15B6B6}
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{048EB43E-2059-422F-95E0-557DA96038AF}\Conversion\Readable\Main
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLEAUT\UserEra
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Help
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\BrowseInPlace
  • HKEY_LOCAL_MACHINE\Software\Microsoft\COM3
  • HKEY_CURRENT_USER\Directory\Clsid
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\ShellEx\IconHandler
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{048EB43E-2059-422F-95E0-557DA96038AF}\DefaultIcon
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{048EB43E-2059-422F-95E0-557DA96038AF}\AuxUserType
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7BA11F52-FB2A-2353-8397-C983A3631FD9}\DataFormats
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7BA11F52-FB2A-2353-8397-C983A3631FD9}\AuxUserType
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc
  • HKEY_CURRENT_USER\CLSID\{CB0AEFB8-FC4D-40E3-8608-40C82CE0CB30}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{048EB43E-2059-422F-95E0-557DA96038AF}\Conversion\Readable
  • HKEY_CLASSES_ROOT\AllFilesystemObjects
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7BA11F52-FB2A-2353-8397-C983A3631FD9}\DataFormats\DefaultFile
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLEAUT
  • HKEY_CLASSES_ROOT\Folder
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{048EB43E-2059-422F-95E0-557DA96038AF}\ProgID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7BA11F52-FB2A-2353-8397-C983A3631FD9}\Verb\1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7BA11F52-FB2A-2353-8397-C983A3631FD9}\Verb\0
  • HKEY_CURRENT_USER\CLSID\{B9D622A9-4B2D-4F52-ACB4-6685F728DEFA}
  • HKEY_CURRENT_USER\CLSID\{3E1B484F-9355-4A94-BD13-D43957ABF220}
  • HKEY_CURRENT_USER\Software\Symantec\Norton Utilities 16\Settings\PriScan
  • HKEY_CURRENT_USER\Software\Microsoft\Visual Basic\6.0
Registry Key-Deleted
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7BA11F52-FB2A-2353-8397-C983A3631FD9}\Version
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7BA11F52-FB2A-2353-8397-C983A3631FD9}\0
Registry Key-Read
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\MaxRpcSize
  • HKEY_CURRENT_USER\Directory\DocObject
  • \ShowLogo
  • HKEY_CURRENT_USER\Software\Symantec\Norton Utilities 16\Settings\RegScan\AutoBackup
  • HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
  • HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
  • \ShowRecWarning
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DontShowSuperHidden
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Filter
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORDISPLAY
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\SourcePath
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\HTML Help\.HLP
  • HKEY_CURRENT_USER\Software\Symantec\Norton Utilities 16\Settings\General\1Click
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Norton Utilities 16\Paths\BackUpFile
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\RestrictedAttributes
  • HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\MaxSxSHashCount
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{b9fc273c-d442-11e0-8ee6-806e6f6e6963}\Generation
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPSampledIn
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\NeverShowExt
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
  • HKEY_CURRENT_USER\Software\Symantec\Norton Utilities 16\Settings\FileRecovery\ShowRecFolder
  • HKEY_CURRENT_USER\Software\Symantec\Norton Utilities 16\Settings\PriScan\RefreshDesktop
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsUniversalDelegate
  • HKEY_CURRENT_USER\Software\Symantec\Norton Utilities 16\Settings\FileRecovery\KeepDirStructure
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Norton Utilities 16\Paths\LogFile
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\AutoCheckSelect
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideIcons
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForOverlay
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\Attributes
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\MapNetDriveVerbs
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForInfoTip
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\NoFileFolderJunction
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
  • HKEY_CURRENT_USER\Directory\AlwaysShowExt
  • \ShowSupport
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{b9fc2740-d442-11e0-8ee6-806e6f6e6963}\Data
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsParseDisplayName
  • \MetaData
  • HKEY_CURRENT_USER\Software\Symantec\Norton Utilities 16\Settings\General\AutoUpdate
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
  • \CreateLog
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetCrawling
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSimpleStartMenu
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{b9fc2740-d442-11e0-8ee6-806e6f6e6963}\Generation
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\IsShortcut
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsAliasedNotifications
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DontShowSuperHidden
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\UseDropHandler
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\BrowseInPlace
  • HKEY_CURRENT_USER\Directory\IsShortcut
  • \Language
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\IconsOnly
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\NoNetCrawling
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\PinToNameSpaceTree
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Licenses\{0C6728B363A6F92EB}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\DocObject
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\DocObject
  • HKEY_CURRENT_USER\Software\Symantec\Norton Utilities 16\Settings\RegScan\NoConfirmation
  • HKEY_CURRENT_USER\Software\Symantec\Norton Utilities 16\Settings\PriScan\BleachMessage
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORPARSING
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SeparateProcess
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{b9fc273d-d442-11e0-8ee6-806e6f6e6963}\Data
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\SeparateProcess
  • HKEY_CURRENT_USER\Software\Symantec\Norton Utilities 16\Settings\Uninstaller\MaxSize
  • HKEY_CURRENT_USER\Directory\BrowseInPlace
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden
  • HKEY_CURRENT_USER\Software\Symantec\Norton Utilities 16\Settings\LogLevel
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\DontPrettyPath
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideFolderVerbs
  • HKEY_CURRENT_USER\Software\Microsoft\Visual Basic\6.0\AllowUnsafeObjectPassing
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetCrawling
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\Com+Enabled
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CMF\Config\SYSTEM
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\949
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSimpleStartMenu
  • \Company
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowCompColor
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ClassicShell
  • HKEY_LOCAL_MACHINE\SYSTEM\Setup\OOBEInProgress
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ClassicShell
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideInWebView
  • HKEY_CURRENT_USER\Software\Symantec\Norton Utilities 16\Settings\PriScan\HideLowDiskWarning
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\MapNetDrvBtn
  • \RefFile
  • HKEY_CURRENT_USER\Software\Symantec\Norton Utilities 16\Settings\FileRecovery\RecPath
  • HKEY_CURRENT_USER\Directory\NeverShowExt
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Norton Utilities 16\Urls\BuyNow
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\CallForAttributes
  • HKEY_CURRENT_USER\Software\Symantec\Norton Utilities 16\Settings\General\WinOptimize
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\PageAllocatorSystemHeapIsPrivate
  • HKEY_CURRENT_USER\Software\Symantec\Norton Utilities 16\Settings\PriScan\CloseBrowsers
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\950
  • \Algorithm
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWebView
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Licenses\{K7C0DB872A3F777C0}
  • HKEY_CURRENT_USER\Software\Symantec\Norton Utilities 16\Settings\Shredder\DataStreams
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{b9fc273c-d442-11e0-8ee6-806e6f6e6963}\Data
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Licenses\{IC6728B363A6F92EB}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\DevicePath
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowTypeOverlay
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\PageAllocatorUseSystemHeap
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Norton Utilities 16\Paths\DatabasePath
  • HKEY_CURRENT_USER\Software\Symantec\Norton Utilities 16\Settings\PriScan\CleanGlobalCache
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Licenses\{R7C0DB872A3F777C0}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}\DriveMask
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HasNavigationEnum
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\SeparateProcess
  • \ShowActivateLink
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideOnDesktopPerUser
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\NeverShowExt
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\IsShortcut
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\RFC1156Agent\CurrentVersion\Parameters\TrapPollTimeMilliSecs
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ActiveComputerName\ComputerName
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{b9fc273d-d442-11e0-8ee6-806e6f6e6963}\Generation
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowInfoTip
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWebView
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\MaximumAllowedAllocationSize
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\BrowseInPlace
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\932
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\936
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\WebView
  • \Interval
Registry Key-Written
  • HKEY_CURRENT_USER\Software\Symantec\Norton Utilities 16\Settings\RegScan\CreateLog
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7BA11F52-FB2A-2353-8397-C983A3631FD9}\AuxUserType\3\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7BA11F52-FB2A-2353-8397-C983A3631FD9}\DataFormats\GetSet\2\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7BA11F52-FB2A-2353-8397-C983A3631FD9}\DataFormats\GetSet\1\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Norton Utilities 16\Paths\RefFile
  • HKEY_CURRENT_USER\Software\Symantec\Norton Utilities 16\Settings\Shredder\Algorithm
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7BA11F52-FB2A-2353-8397-C983A3631FD9}\DefaultIcon\(Default)
  • HKEY_CURRENT_USER\Software\Symantec\Norton Utilities 16\Settings\General\Language
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7BA11F52-FB2A-2353-8397-C983A3631FD9}\DataFormats\DefaultFile\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7BA11F52-FB2A-2353-8397-C983A3631FD9}\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7BA11F52-FB2A-2353-8397-C983A3631FD9}\AuxUserType\2\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7BA11F52-FB2A-2353-8397-C983A3631FD9}\Insertable\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7BA11F52-FB2A-2353-8397-C983A3631FD9}\DefaultExtension\(Default)
  • HKEY_CURRENT_USER\Software\Symantec\Norton Utilities 16\Settings\PriScan\CleanGlobalCache
  • HKEY_CURRENT_USER\Software\Symantec\Norton Utilities 16\Settings\FileRecovery\ShowRecWarning
  • HKEY_CURRENT_USER\Software\Symantec\Norton Utilities 16\Settings\PriScan\CreateLog
  • HKEY_CURRENT_USER\Software\Symantec\Norton Utilities 16\Settings\RegScan\AutoBackup
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Norton Utilities 16\Urls\Company
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Licenses\{R7C0DB872A3F777C0}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7BA11F52-FB2A-2353-8397-C983A3631FD9}\DataFormats\GetSet\3\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7BA11F52-FB2A-2353-8397-C983A3631FD9}\LocalServer32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7BA11F52-FB2A-2353-8397-C983A3631FD9}\Conversion\Readable\Main\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7BA11F52-FB2A-2353-8397-C983A3631FD9}\VersionIndependentProgID\(Default)
  • HKEY_CURRENT_USER\Software\Symantec\Norton Utilities 16\Settings\General\1Click
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Norton Utilities 16\Paths\DatabasePath
  • HKEY_CURRENT_USER\Software\Symantec\Norton Utilities 16\Settings\PriScan\HideLowDiskWarning
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7BA11F52-FB2A-2353-8397-C983A3631FD9}\DataFormats\GetSet\4\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Licenses\{0C6728B363A6F92EB}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7BA11F52-FB2A-2353-8397-C983A3631FD9}\ProgID\(Default)
  • HKEY_CURRENT_USER\Software\Symantec\Norton Utilities 16\Settings\FileRecovery\RecPath
  • HKEY_CURRENT_USER\Software\Symantec\Norton Utilities 16\Settings\RegScan\NoConfirmation
  • HKEY_CURRENT_USER\Software\Symantec\Norton Utilities 16\Settings\PriScan\BleachMessage
  • HKEY_CURRENT_USER\Software\Symantec\Norton Utilities 16\Settings\General\AutoUpdate
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Norton Utilities 16\Urls\BuyNow
  • HKEY_CURRENT_USER\Software\Symantec\Norton Utilities 16\Settings\General\WinOptimize
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\RFC1156Agent\CurrentVersion\Parameters\TrapPollTimeMilliSecs
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7BA11F52-FB2A-2353-8397-C983A3631FD9}\DataFormats\GetSet\0\(Default)
  • HKEY_CURRENT_USER\Software\Symantec\Norton Utilities 16\Settings\PriScan\CloseBrowsers
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Norton Utilities 16\Paths\BackUpFile
  • HKEY_CURRENT_USER\Software\Symantec\Norton Utilities 16\Settings\FileRecovery\ShowRecFolder
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7BA11F52-FB2A-2353-8397-C983A3631FD9}\Verb\1\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Norton Utilities 16\Paths\LogFile
  • HKEY_CURRENT_USER\Software\Symantec\Norton Utilities 16\Settings\PriScan\RefreshDesktop
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Licenses\{K7C0DB872A3F777C0}
  • HKEY_CURRENT_USER\Software\Symantec\Norton Utilities 16\Settings\Shredder\DataStreams
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7BA11F52-FB2A-2353-8397-C983A3631FD9}\MiscStatus\(Default)
  • HKEY_CURRENT_USER\Software\Symantec\Norton Utilities 16\Settings\FileRecovery\KeepDirStructure
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7BA11F52-FB2A-2353-8397-C983A3631FD9}\InprocHandler32\(Default)
  • HKEY_CURRENT_USER\Software\Symantec\Norton Utilities 16\Settings\Uninstaller\MaxSize
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7BA11F52-FB2A-2353-8397-C983A3631FD9}\Verb\0\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Licenses\{IC6728B363A6F92EB}
  • HKEY_CURRENT_USER\Software\Symantec\Norton Utilities 16\Settings\Uninstaller\Interval
Mutex-Accessed
  • SymantecNortonUtilities
  • D7604714::WK
  • RALD7604714

Processes

C:\Windows\system32\lsass.exe PID: 456, Parent PID: 352

"C:\Users\Harry Dresden\AppData\Local\Temp\nu.exe" PID: 4536, Parent PID: 4940

Volatility

Nothing to display.