ThreatExpert Report: Spyware-PowerSpy, Mal/VB-G, not-a-virus:Monitor.Win32.PowerSpy..

Submission Summary:

Submission details:

Submission received: 2 October 2009, 05:00:08
Processing time: 8 min 33 sec
Submitted sample:

File MD5: 0x2BBF4DE9887237A8E566E130D08B75EC
File SHA-1: 0x3926E627356ADC2B65BAAFECF8D589F0AD2AD876
Filesize: 4,304,630 bytes

Summary of the findings:

What's been found	Severity Level
Capability to send out email message(s) with the built-in SMTP client engine.
Registers a 32-bit in-process server DLL.
Contains characteristics of an identified security risk.

Technical Details:

The new window was created, as shown below:

NOTICE: The content shown in the above window is captured automatically and is not controlled or endorsed by ThreatExpert.
Please contact us on this link should any material be offensive or inappropriate and we will ensure any such content is blocked from future viewers of the report.

Possible Security Risk

Attention! Characteristics of the following security risks were identified in the system:

Security Risk	Description
Spyware.PowerSpy	Spyware.PowerSpy is a spyware program that monitors internet activity and users browsing habits.
Application.Power_Spy	Power Spy is a monitoring software from eMatrixSoft, Inc. It can run in stealth mode and capture all keystrokes, emails sent and received, applications used, instant messages, websites visited etc. It also has the ability to take snapshots of the system at regular intervals. All the information captured is stored by this software in log files and it has the ability to send these log files to a specified email address. Removal of this software is advisable if it is not installed for a purpose.

File System Modifications

The following files were created in the system:

#	Filename(s)	File Size	File Hash	Alias
1	%ProgramFiles%\SKPCS\COMCTL32.OCX	608,448 bytes	MD5: 0xEB5F811C1F78005B3C147599A0CCCF51 SHA-1: 0x19E8153569D1379634BA9D12E84DC35B10FAF689	(not available)
2	%ProgramFiles%\SKPCS\data\emxfile.emx	270,336 bytes	MD5: 0x3A067A504081725278438580D96107E7 SHA-1: 0xF4B484F1B2390B2EA9589343A2A702C0F1B4CA82	(not available)
3	%ProgramFiles%\SKPCS\data\eventsys.exe	749,568 bytes	MD5: 0x5F813EEC03C4E808565FE2FEF2C35111 SHA-1: 0x9AE5EE7CD5986A7BC758B6080EEA1DBADDD5A0A0	Spyware-PowerSpy [McAfee] Mal/VB-G [Sophos] not-a-virus:Monitor.Win32.PowerSpy [Ikarus]
4	%ProgramFiles%\SKPCS\data\psini.ini	975 bytes	MD5: 0x9BDB3BDC7D501C7883725B7473B14478 SHA-1: 0xE2676CDF4B8E5E02A027DD5247AA2377FFBEF84E	(not available)
5	%ProgramFiles%\SKPCS\data\ps_demo_report.html	5,271 bytes	MD5: 0x72369902CB1A26B0CF56C5AA5C36384C SHA-1: 0xB893DAC9B6D6B14156F5C0015FA22410484E06BD	(not available)
6	%ProgramFiles%\SKPCS\data\symserv.exe	28,672 bytes	MD5: 0x9D25724D1CAD235220646CD712FA3FD6 SHA-1: 0x4A83EB26324020A24FEA0CA5A307A456DF1A1ABF	Mal/VB-G [Sophos] not-a-virus:Monitor.Win32.PowerSpy [Ikarus] Win-Trojan/Xema.variant [AhnLab]
7	%ProgramFiles%\SKPCS\data\testftpok.html	37 bytes	MD5: 0x93FC071070D7D4E293C0DC90CE187B00 SHA-1: 0x0D4621A35D676F7DFA284A09D6D2DF1CE69BBB5D	(not available)
8	%ProgramFiles%\SKPCS\data\tmphost.exe	36,864 bytes	MD5: 0x9A0BCB3849AAAFA6A494B1C5B457D9A1 SHA-1: 0xD7531EDC4DF4D91E04F36B54DF5769DB678AF913	Spyware-PowerSpy [McAfee]
9	%ProgramFiles%\SKPCS\help.chm	817,375 bytes	MD5: 0x3DD9316700814BCC9D30C366B8AB20EB SHA-1: 0xF6AFDF25DDDB6D2308B68D1B4992B4341FA89486	(not available)
10	%ProgramFiles%\SKPCS\License.txt	2,646 bytes	MD5: 0x4CF593D9241BC72F884EE645897E3A20 SHA-1: 0x591E84407C24EB381C36ADE3F60AEF6111280890	(not available)
11	%ProgramFiles%\SKPCS\load.exe	45,056 bytes	MD5: 0x8E18BF11A457B5E7E06B1F2A86633B42 SHA-1: 0xA8F56A60A8984E3B60291EBEAE746BC9C4515484	Spyware-PowerSpy [McAfee] not-a-virus:Monitor.Win32.PowerSpy [Ikarus]
12	%ProgramFiles%\SKPCS\mscomct2.ocx	662,288 bytes	MD5: 0xAE47A8A5FE8193BB84FFCD338115D8EF SHA-1: 0xEDBE4B85F000880EBD68239EAB29FAC3D79F3113	(not available)
13	%ProgramFiles%\SKPCS\pssetup.exe	1,216,512 bytes	MD5: 0x2242D01679FB9A585D6F124355C25893 SHA-1: 0xD6EBD2FB2E0EF522BF3B24895167DFFD79E64465	(not available)
14	%ProgramFiles%\SKPCS\readme.txt	1,182 bytes	MD5: 0x1EF1F18233A06124E65DCE9D0DEEC5AE SHA-1: 0x809CD4B87F179611F554E39FEB6465E05428A035	(not available)
15	%ProgramFiles%\SKPCS\unins000.dat	5,300 bytes	MD5: 0xA96FA4F67DB49FFA09CBCB38D0BD4B87 SHA-1: 0x36C93D022976F5AB409F6DB1307315977640D502	(not available)
16	%ProgramFiles%\SKPCS\unins000.exe	683,801 bytes	MD5: 0x565CB76B8E7BE274DF335936595624B7 SHA-1: 0x2B24B57F2D05ABC43994ED09221801F1564E6A0D	(not available)
17	%System%\gdiplus.dll	1,700,352 bytes	MD5: 0x4D328694BB516E46D2D184950D94433F SHA-1: 0x9B31771A8C201B74C846DA1F1A254866DC2F912D	(not available)
18	%System%\mxpvct22.dat	132,880 bytes	MD5: 0x90A39346E9B67F132EF133725C487FF6 SHA-1: 0x9CD22933F628465C863BED7895D99395ACAA5D2A	(not available)
19	%System%\mxpvct23.dat	40,960 bytes	MD5: 0x8FD9D743A57B040CF1116FA72C9DA801 SHA-1: 0x6A5D45A3D28ADB961408CD27D20B6A539D97EE8E	(not available)
20	%System%\mxpvct25.dat	1,519,616 bytes	MD5: 0xFEDF6AB469BB4E3157ED321216BA025C SHA-1: 0x477A809E14D760E0D997D815AC3262D2C9CC064C	(not available)
21	%System%\psappini.ini	12 bytes	MD5: 0x5D68EE84E0D4D6F05DE197878F4121D9 SHA-1: 0x7BD7630CAFB50A19CF205739B4A504382D33FC91	(not available)
22	[file and pathname of the sample #1]	4,304,630 bytes	MD5: 0x2BBF4DE9887237A8E566E130D08B75EC SHA-1: 0x3926E627356ADC2B65BAAFECF8D589F0AD2AD876	(not available)
23	%System%\wnaspid.exe	24,576 bytes	MD5: 0xF188BBD1554AC944A4E0747867B861C9 SHA-1: 0xD140552F56F09BE315B6FD2CB48B7897F9A361B6	not-a-virus:Monitor.Win32.PowerSpy [Ikarus] Win-Trojan/Xema.variant [AhnLab]

Notes:

%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

The following directories were created:

c:\%UserName%
%ProgramFiles%\SKPCS
%ProgramFiles%\SKPCS\data
%ProgramFiles%\SKPCS\logs
%ProgramFiles%\SKPCS\scrshot

Notes:

%UserName% is a variable that refers to the current user name.

Memory Modifications

There were new processes created in the system:

Process Name	Process Filename	Main Module Size
[filename of the sample #1]	[file and pathname of the sample #1]	81,920 bytes
[generic host process]	[generic host process filename]	20,480 bytes
is-PSVCD.tmp	%Temp%\is-5VG1T.tmp\is-PSVCD.tmp	733,184 bytes
load.exe	%ProgramFiles%\skpcs\load.exe	45,056 bytes
tmphost.exe	%ProgramFiles%\skpcs\data\tmphost.exe	36,864 bytes
pssetup.exe	%ProgramFiles%\skpcs\pssetup.exe	1,236,992 bytes
wnaspid.exe	%System%\wnaspid.exe	24,576 bytes

Notes:

[generic host process filename] is a full path filename of [generic host process].
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).

The following module was loaded into the address space of other process(es):

Module Name	Module Filename	Address Space Details
mxpvct22.dat	%System%\mxpvct22.dat	Process name: eventsys.exe Process filename: %ProgramFiles%\skpcs\data\eventsys.exe Address space: 0x234C0000 - 0x234DE000

Registry Modifications

The following Registry Keys were created:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5883CA7C-B619-45C9-8E5D-DD6F7EA91785}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5883CA7C-B619-45C9-8E5D-DD6F7EA91785}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5883CA7C-B619-45C9-8E5D-DD6F7EA91785}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5883CA7C-B619-45C9-8E5D-DD6F7EA91785}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5883CA7C-B619-45C9-8E5D-DD6F7EA91785}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5883CA7C-B619-45C9-8E5D-DD6F7EA91785}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4643A87-99A0-4404-9BC5-2322BDD61637}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4643A87-99A0-4404-9BC5-2322BDD61637}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4643A87-99A0-4404-9BC5-2322BDD61637}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4643A87-99A0-4404-9BC5-2322BDD61637}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4643A87-99A0-4404-9BC5-2322BDD61637}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4643A87-99A0-4404-9BC5-2322BDD61637}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A46E5261-9956-4767-88CA-DFCED050D09E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A46E5261-9956-4767-88CA-DFCED050D09E}\Control
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A46E5261-9956-4767-88CA-DFCED050D09E}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A46E5261-9956-4767-88CA-DFCED050D09E}\Insertable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A46E5261-9956-4767-88CA-DFCED050D09E}\MiscStatus
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A46E5261-9956-4767-88CA-DFCED050D09E}\MiscStatus\1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A46E5261-9956-4767-88CA-DFCED050D09E}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A46E5261-9956-4767-88CA-DFCED050D09E}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A46E5261-9956-4767-88CA-DFCED050D09E}\ToolboxBitmap32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A46E5261-9956-4767-88CA-DFCED050D09E}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A46E5261-9956-4767-88CA-DFCED050D09E}\Version
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A46E5261-9956-4767-88CA-DFCED050D09E}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7EC2CD3-9941-4FD4-9D01-105DC16A4313}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7EC2CD3-9941-4FD4-9D01-105DC16A4313}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7EC2CD3-9941-4FD4-9D01-105DC16A4313}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7EC2CD3-9941-4FD4-9D01-105DC16A4313}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7EC2CD3-9941-4FD4-9D01-105DC16A4313}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7EC2CD3-9941-4FD4-9D01-105DC16A4313}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{06544919-F559-4AE5-9001-F903BD8A84E6}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{06544919-F559-4AE5-9001-F903BD8A84E6}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{06544919-F559-4AE5-9001-F903BD8A84E6}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{06544919-F559-4AE5-9001-F903BD8A84E6}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4340DF8E-D7A3-4675-BE74-80077B2B3E81}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4340DF8E-D7A3-4675-BE74-80077B2B3E81}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4340DF8E-D7A3-4675-BE74-80077B2B3E81}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4340DF8E-D7A3-4675-BE74-80077B2B3E81}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{51A0888C-9970-44DE-8C2C-835BA870D06F}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{51A0888C-9970-44DE-8C2C-835BA870D06F}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{51A0888C-9970-44DE-8C2C-835BA870D06F}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{51A0888C-9970-44DE-8C2C-835BA870D06F}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5ACAE4B8-62D9-4124-A58A-9B1258B77E99}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5ACAE4B8-62D9-4124-A58A-9B1258B77E99}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5ACAE4B8-62D9-4124-A58A-9B1258B77E99}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5ACAE4B8-62D9-4124-A58A-9B1258B77E99}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7D37DED8-1945-4E42-A3FD-B9620E0AD8E3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7D37DED8-1945-4E42-A3FD-B9620E0AD8E3}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7D37DED8-1945-4E42-A3FD-B9620E0AD8E3}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7D37DED8-1945-4E42-A3FD-B9620E0AD8E3}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C4C23B78-DB98-444C-B601-DCAC6EBBEC54}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C4C23B78-DB98-444C-B601-DCAC6EBBEC54}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C4C23B78-DB98-444C-B601-DCAC6EBBEC54}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C4C23B78-DB98-444C-B601-DCAC6EBBEC54}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CCB7FB40-99EC-4678-9202-52798DA78ABA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CCB7FB40-99EC-4678-9202-52798DA78ABA}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CCB7FB40-99EC-4678-9202-52798DA78ABA}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CCB7FB40-99EC-4678-9202-52798DA78ABA}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D12FB216-99DA-4EB3-9CC0-C0F760B174A0}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D12FB216-99DA-4EB3-9CC0-C0F760B174A0}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D12FB216-99DA-4EB3-9CC0-C0F760B174A0}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D12FB216-99DA-4EB3-9CC0-C0F760B174A0}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D56C1AF1-3FDE-471C-9BC2-C52515F260C1}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D56C1AF1-3FDE-471C-9BC2-C52515F260C1}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D56C1AF1-3FDE-471C-9BC2-C52515F260C1}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D56C1AF1-3FDE-471C-9BC2-C52515F260C1}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E656B867-992C-4462-A27D-EBE604EC3A48}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E656B867-992C-4462-A27D-EBE604EC3A48}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E656B867-992C-4462-A27D-EBE604EC3A48}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E656B867-992C-4462-A27D-EBE604EC3A48}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FC279BC4-9E6E-4999-93E2-3AE39CCE2927}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FC279BC4-9E6E-4999-93E2-3AE39CCE2927}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FC279BC4-9E6E-4999-93E2-3AE39CCE2927}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FC279BC4-9E6E-4999-93E2-3AE39CCE2927}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{1DF3AFED-99E0-4474-9900-954B8FD24E86}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{1DF3AFED-99E0-4474-9900-954B8FD24E86}\1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{1DF3AFED-99E0-4474-9900-954B8FD24E86}\1.0\0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{1DF3AFED-99E0-4474-9900-954B8FD24E86}\1.0\0\win32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{1DF3AFED-99E0-4474-9900-954B8FD24E86}\1.0\FLAGS
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{1DF3AFED-99E0-4474-9900-954B8FD24E86}\1.0\HELPDIR
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{64DEBE33-C381-465B-A707-3F56C5B93470}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{64DEBE33-C381-465B-A707-3F56C5B93470}\1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{64DEBE33-C381-465B-A707-3F56C5B93470}\1.0\0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{64DEBE33-C381-465B-A707-3F56C5B93470}\1.0\0\win32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{64DEBE33-C381-465B-A707-3F56C5B93470}\1.0\FLAGS
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{64DEBE33-C381-465B-A707-3F56C5B93470}\1.0\HELPDIR
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Chilkat.Email2
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Chilkat.Email2\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Chilkat.Email2\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Chilkat.Email2.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Chilkat.Email2.1\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Chilkat.EmailBundle2
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Chilkat.EmailBundle2\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Chilkat.EmailBundle2\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Chilkat.EmailBundle2.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Chilkat.EmailBundle2.1\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Chilkat.MailMan2
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Chilkat.MailMan2\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Chilkat.MailMan2\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Chilkat.MailMan2.1

The newly created Registry Values are:

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5883CA7C-B619-45C9-8E5D-DD6F7EA91785}\VersionIndependentProgID]

(Default) = "MAPIProp.MAPIPropWrapper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5883CA7C-B619-45C9-8E5D-DD6F7EA91785}\TypeLib]

(Default) = "{64DEBE33-C381-465B-A707-3F56C5B93470}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5883CA7C-B619-45C9-8E5D-DD6F7EA91785}\ProgID]

(Default) = "MAPIProp.MAPIPropWrapper.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5883CA7C-B619-45C9-8E5D-DD6F7EA91785}\InprocServer32]

(Default) = "%System%\mxpvct23.dat"
ThreadingModel = "Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5883CA7C-B619-45C9-8E5D-DD6F7EA91785}]

(Default) = "MAPIPropWrapper Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4643A87-99A0-4404-9BC5-2322BDD61637}\VersionIndependentProgID]

(Default) = "ChilkatMail2.ChilkatEmail2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4643A87-99A0-4404-9BC5-2322BDD61637}\TypeLib]

(Default) = "{1DF3AFED-99E0-4474-9900-954B8FD24E86}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4643A87-99A0-4404-9BC5-2322BDD61637}\ProgID]

(Default) = "ChilkatMail2.ChilkatEmail2.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4643A87-99A0-4404-9BC5-2322BDD61637}\InprocServer32]

(Default) = "%System%\mxpvct25.dat"
ThreadingModel = "Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4643A87-99A0-4404-9BC5-2322BDD61637}]

(Default) = "Chilkat Email2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A46E5261-9956-4767-88CA-DFCED050D09E}\MiscStatus\1]

(Default) = "132497"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A46E5261-9956-4767-88CA-DFCED050D09E}\VersionIndependentProgID]

(Default) = "ChilkatMail2.ChilkatMailMan2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A46E5261-9956-4767-88CA-DFCED050D09E}\Version]

(Default) = "1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A46E5261-9956-4767-88CA-DFCED050D09E}\TypeLib]

(Default) = "{1DF3AFED-99E0-4474-9900-954B8FD24E86}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A46E5261-9956-4767-88CA-DFCED050D09E}\ToolboxBitmap32]

(Default) = "%System%\mxpvct25.dat, 232"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A46E5261-9956-4767-88CA-DFCED050D09E}\ProgID]

(Default) = "ChilkatMail2.ChilkatMailMan2.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A46E5261-9956-4767-88CA-DFCED050D09E}\MiscStatus]

(Default) = "0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A46E5261-9956-4767-88CA-DFCED050D09E}\InprocServer32]

(Default) = "%System%\mxpvct25.dat"
ThreadingModel = "Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A46E5261-9956-4767-88CA-DFCED050D09E}]

(Default) = "Chilkat MailMan2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7EC2CD3-9941-4FD4-9D01-105DC16A4313}\VersionIndependentProgID]

(Default) = "ChilkatMail2.ChilkatEmailBundle2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7EC2CD3-9941-4FD4-9D01-105DC16A4313}\TypeLib]

(Default) = "{1DF3AFED-99E0-4474-9900-954B8FD24E86}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7EC2CD3-9941-4FD4-9D01-105DC16A4313}\ProgID]

(Default) = "ChilkatMail2.ChilkatEmailBundle2.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7EC2CD3-9941-4FD4-9D01-105DC16A4313}\InprocServer32]

(Default) = "%System%\mxpvct25.dat"
ThreadingModel = "Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7EC2CD3-9941-4FD4-9D01-105DC16A4313}]

(Default) = "Chilkat EmailBundle2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{06544919-F559-4AE5-9001-F903BD8A84E6}\TypeLib]

(Default) = "{1DF3AFED-99E0-4474-9900-954B8FD24E86}"
Version = "1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{06544919-F559-4AE5-9001-F903BD8A84E6}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{06544919-F559-4AE5-9001-F903BD8A84E6}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{06544919-F559-4AE5-9001-F903BD8A84E6}]

(Default) = "IPublicKey"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4340DF8E-D7A3-4675-BE74-80077B2B3E81}\TypeLib]

(Default) = "{1DF3AFED-99E0-4474-9900-954B8FD24E86}"
Version = "1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4340DF8E-D7A3-4675-BE74-80077B2B3E81}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4340DF8E-D7A3-4675-BE74-80077B2B3E81}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4340DF8E-D7A3-4675-BE74-80077B2B3E81}]

(Default) = "ICkStringArray"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{51A0888C-9970-44DE-8C2C-835BA870D06F}\TypeLib]

(Default) = "{1DF3AFED-99E0-4474-9900-954B8FD24E86}"
Version = "1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{51A0888C-9970-44DE-8C2C-835BA870D06F}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{51A0888C-9970-44DE-8C2C-835BA870D06F}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{51A0888C-9970-44DE-8C2C-835BA870D06F}]

(Default) = "IChilkatEmailBundle2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5ACAE4B8-62D9-4124-A58A-9B1258B77E99}\TypeLib]

(Default) = "{1DF3AFED-99E0-4474-9900-954B8FD24E86}"
Version = "1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5ACAE4B8-62D9-4124-A58A-9B1258B77E99}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5ACAE4B8-62D9-4124-A58A-9B1258B77E99}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5ACAE4B8-62D9-4124-A58A-9B1258B77E99}]

(Default) = "IChilkatMime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7D37DED8-1945-4E42-A3FD-B9620E0AD8E3}\TypeLib]

(Default) = "{1DF3AFED-99E0-4474-9900-954B8FD24E86}"
Version = "1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7D37DED8-1945-4E42-A3FD-B9620E0AD8E3}\ProxyStubClsid32]

(Default) = "{00020420-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7D37DED8-1945-4E42-A3FD-B9620E0AD8E3}\ProxyStubClsid]

(Default) = "{00020420-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7D37DED8-1945-4E42-A3FD-B9620E0AD8E3}]

(Default) = "_IChilkatMailEvents"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C4C23B78-DB98-444C-B601-DCAC6EBBEC54}\TypeLib]

(Default) = "{1DF3AFED-99E0-4474-9900-954B8FD24E86}"
Version = "1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C4C23B78-DB98-444C-B601-DCAC6EBBEC54}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C4C23B78-DB98-444C-B601-DCAC6EBBEC54}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C4C23B78-DB98-444C-B601-DCAC6EBBEC54}]

(Default) = "IPrivateKey"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CCB7FB40-99EC-4678-9202-52798DA78ABA}\TypeLib]

(Default) = "{1DF3AFED-99E0-4474-9900-954B8FD24E86}"
Version = "1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CCB7FB40-99EC-4678-9202-52798DA78ABA}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CCB7FB40-99EC-4678-9202-52798DA78ABA}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CCB7FB40-99EC-4678-9202-52798DA78ABA}]

(Default) = "IChilkatMailMan2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D12FB216-99DA-4EB3-9CC0-C0F760B174A0}\TypeLib]

(Default) = "{1DF3AFED-99E0-4474-9900-954B8FD24E86}"
Version = "1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D12FB216-99DA-4EB3-9CC0-C0F760B174A0}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D12FB216-99DA-4EB3-9CC0-C0F760B174A0}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D12FB216-99DA-4EB3-9CC0-C0F760B174A0}]

(Default) = "IChilkatCSP"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D56C1AF1-3FDE-471C-9BC2-C52515F260C1}\TypeLib]

(Default) = "{1DF3AFED-99E0-4474-9900-954B8FD24E86}"
Version = "1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D56C1AF1-3FDE-471C-9BC2-C52515F260C1}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D56C1AF1-3FDE-471C-9BC2-C52515F260C1}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D56C1AF1-3FDE-471C-9BC2-C52515F260C1}]

(Default) = "IChilkatCert"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E656B867-992C-4462-A27D-EBE604EC3A48}\TypeLib]

(Default) = "{1DF3AFED-99E0-4474-9900-954B8FD24E86}"
Version = "1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E656B867-992C-4462-A27D-EBE604EC3A48}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E656B867-992C-4462-A27D-EBE604EC3A48}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E656B867-992C-4462-A27D-EBE604EC3A48}]

(Default) = "IChilkatEmail2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FC279BC4-9E6E-4999-93E2-3AE39CCE2927}\TypeLib]

(Default) = "{64DEBE33-C381-465B-A707-3F56C5B93470}"
Version = "1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FC279BC4-9E6E-4999-93E2-3AE39CCE2927}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FC279BC4-9E6E-4999-93E2-3AE39CCE2927}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FC279BC4-9E6E-4999-93E2-3AE39CCE2927}]

(Default) = "IMAPIPropWrapper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{1DF3AFED-99E0-4474-9900-954B8FD24E86}\1.0\0\win32]

(Default) = "%System%\mxpvct25.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{1DF3AFED-99E0-4474-9900-954B8FD24E86}\1.0\HELPDIR]

(Default) = "%System%\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{1DF3AFED-99E0-4474-9900-954B8FD24E86}\1.0\FLAGS]

(Default) = "0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{1DF3AFED-99E0-4474-9900-954B8FD24E86}\1.0]

(Default) = "Chilkat Mail"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{64DEBE33-C381-465B-A707-3F56C5B93470}\1.0\0\win32]

(Default) = "%System%\mxpvct23.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{64DEBE33-C381-465B-A707-3F56C5B93470}\1.0\HELPDIR]

(Default) = "%System%\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{64DEBE33-C381-465B-A707-3F56C5B93470}\1.0\FLAGS]

(Default) = "0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{64DEBE33-C381-465B-A707-3F56C5B93470}\1.0]

(Default) = "MAPIProp 1.0 Type Library"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Chilkat.Email2\CurVer]

(Default) = "Chilkat.Email2.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Chilkat.Email2\CLSID]

(Default) = "{A4643A87-99A0-4404-9BC5-2322BDD61637}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Chilkat.Email2]

(Default) = "Chilkat Email2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Chilkat.Email2.1\CLSID]

(Default) = "{A4643A87-99A0-4404-9BC5-2322BDD61637}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Chilkat.Email2.1]

(Default) = "Chilkat Email2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Chilkat.EmailBundle2\CurVer]

(Default) = "Chilkat.EmailBundle2.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Chilkat.EmailBundle2\CLSID]

(Default) = "{A7EC2CD3-9941-4FD4-9D01-105DC16A4313}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Chilkat.EmailBundle2]

(Default) = "Chilkat EmailBundle2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Chilkat.EmailBundle2.1\CLSID]

(Default) = "{A7EC2CD3-9941-4FD4-9D01-105DC16A4313}"

The following Registry Values were deleted:

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0713E8A8-850A-101B-AFC0-4210102A8DA7}\InprocServer32]

InprocServer32 = "IW[F9`$@Q?NcrI3z%N[,>xuPisIgof(2r9efGjyo1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0713E8D8-850A-101B-AFC0-4210102A8DA7}\InprocServer32]

InprocServer32 = "IW[F9`$@Q?NcrI3z%N[,>xuPisIgof(2r9efGjyo1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{373FF7F4-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32]

InprocServer32 = "IW[F9`$@Q?NcrI3z%N[,>xuPisIgof(2r9efGjyo1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58DA8D93-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32]

InprocServer32 = "IW[F9`$@Q?NcrI3z%N[,>xuPisIgof(2r9efGjyo1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58DA8D96-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32]

InprocServer32 = "IW[F9`$@Q?NcrI3z%N[,>xuPisIgof(2r9efGjyo1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5ACBB955-5C57-11CF-8993-00AA00688B10}\InprocServer32]

InprocServer32 = "IW[F9`$@Q?NcrI3z%N[,>xuPisIgof(2r9efGjyo1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5ACBB956-5C57-11CF-8993-00AA00688B10}\InprocServer32]

InprocServer32 = "IW[F9`$@Q?NcrI3z%N[,>xuPisIgof(2r9efGjyo1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5ACBB957-5C57-11CF-8993-00AA00688B10}\InprocServer32]

InprocServer32 = "IW[F9`$@Q?NcrI3z%N[,>xuPisIgof(2r9efGjyo1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5ACBB958-5C57-11CF-8993-00AA00688B10}\InprocServer32]

InprocServer32 = "IW[F9`$@Q?NcrI3z%N[,>xuPisIgof(2r9efGjyo1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6027C2D4-FB28-11CD-8820-08002B2F4F5A}\InprocServer32]

InprocServer32 = "IW[F9`$@Q?NcrI3z%N[,>xuPisIgof(2r9efGjyo1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{612A8628-0FB3-11CE-8747-524153480004}\InprocServer32]

InprocServer32 = "IW[F9`$@Q?NcrI3z%N[,>xuPisIgof(2r9efGjyo1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62823C20-41A3-11CE-9E8B-0020AF039CA3}\InprocServer32]

InprocServer32 = "IW[F9`$@Q?NcrI3z%N[,>xuPisIgof(2r9efGjyo1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B7E6393-850A-101B-AFC0-4210102A8DA7}\InprocServer32]

InprocServer32 = "IW[F9`$@Q?NcrI3z%N[,>xuPisIgof(2r9efGjyo1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B7E63A3-850A-101B-AFC0-4210102A8DA7}\InprocServer32]

InprocServer32 = "IW[F9`$@Q?NcrI3z%N[,>xuPisIgof(2r9efGjyo1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ED94444-E5E8-101B-B9B5-444553540000}\InprocServer32]

InprocServer32 = "IW[F9`$@Q?NcrI3z%N[,>xuPisIgof(2r9efGjyo1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B66834C6-2E60-11CE-8748-524153480004}\InprocServer32]

InprocServer32 = "IW[F9`$@Q?NcrI3z%N[,>xuPisIgof(2r9efGjyo1"

The following Registry Values were modified:

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0713E8A2-850A-101B-AFC0-4210102A8DA7}\InprocServer32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0713E8A2-850A-101B-AFC0-4210102A8DA7}\ToolboxBitmap32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0713E8A8-850A-101B-AFC0-4210102A8DA7}\InprocServer32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0713E8D2-850A-101B-AFC0-4210102A8DA7}\InprocServer32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0713E8D2-850A-101B-AFC0-4210102A8DA7}\ToolboxBitmap32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0713E8D8-850A-101B-AFC0-4210102A8DA7}\InprocServer32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\ToolboxBitmap32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\ToolboxBitmap32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A}\ToolboxBitmap32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{373FF7F4-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\ToolboxBitmap32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}\InprocServer32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}\InprocServer32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}\ToolboxBitmap32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7}\ToolboxBitmap32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58DA8D93-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58DA8D96-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5ACBB955-5C57-11CF-8993-00AA00688B10}\InprocServer32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5ACBB956-5C57-11CF-8993-00AA00688B10}\InprocServer32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5ACBB957-5C57-11CF-8993-00AA00688B10}\InprocServer32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5ACBB958-5C57-11CF-8993-00AA00688B10}\InprocServer32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6027C2D4-FB28-11CD-8820-08002B2F4F5A}\InprocServer32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\ToolboxBitmap32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{612A8624-0FB3-11CE-8747-524153480004}\InprocServer32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{612A8624-0FB3-11CE-8747-524153480004}\ToolboxBitmap32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{612A8628-0FB3-11CE-8747-524153480004}\InprocServer32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62823C20-41A3-11CE-9E8B-0020AF039CA3}\InprocServer32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B7E638F-850A-101B-AFC0-4210102A8DA7}\InprocServer32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B7E638F-850A-101B-AFC0-4210102A8DA7}\ToolboxBitmap32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B7E6393-850A-101B-AFC0-4210102A8DA7}\InprocServer32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B7E63A3-850A-101B-AFC0-4210102A8DA7}\InprocServer32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ED94440-E5E8-101B-B9B5-444553540000}\InprocServer32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ED94440-E5E8-101B-B9B5-444553540000}\ToolboxBitmap32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ED94444-E5E8-101B-B9B5-444553540000}\InprocServer32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\ToolboxBitmap32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B66834C6-2E60-11CE-8748-524153480004}\InprocServer32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\ToolboxBitmap32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InetCtls.Inet]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InetCtls.Inet.1]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComCtl2.Animation]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComCtl2.Animation.2]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComCtl2.DTPicker]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComCtl2.DTPicker.2]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComCtl2.FlatScrollBar]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComCtl2.FlatScrollBar.2]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComCtl2.MonthView]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComCtl2.MonthView.2]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComCtl2.UpDown]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComCtl2.UpDown.2]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\0\win32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\HELPDIR]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6B7E6392-850A-101B-AFC0-4210102A8DA7}\1.3\0\win32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{86CF1D34-0C5F-11D2-A9FC-0000F8754DA1}\2.0]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{86CF1D34-0C5F-11D2-A9FC-0000F8754DA1}\2.0\0\win32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{86CF1D34-0C5F-11D2-A9FC-0000F8754DA1}\2.0\HELPDIR]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]

C:\WINDOWS\system32\msvbvm60.dll =

Other details

Analysis of the file resources indicate the following possible countries of origin:

	Russian Federation
	Netherlands

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.