ThreatExpert Report: Win32.AdWare

Submission Summary:

Submission details:

Submission received: 17 August 2012, 09:15:18
Processing time: 12 min 23 sec
Submitted sample:

File MD5: 0x635BE1F6AD17EB4335DFCAEF75CD8126
File SHA-1: 0x776FC2EABB060E812A1B714DBF514FC42C0DAA26
Filesize: 624,893 bytes
Alias: Win32.AdWare [Ikarus]

Summary of the findings:

What's been found	Severity Level
Downloads/requests other files from Internet.

Technical Details:

File System Modifications

The following files were created in the system:

#	Filename(s)	File Size	File Hash	Alias
1	%Temp%\is-LL9H1.tmp\Games.inf	184 bytes	MD5: 0x0E43F5FC847C2DBBC31D5A9846BC8DC5 SHA-1: 0xD33374F43C663466A8DA2DA6267076DD8D28CB8A	(not available)
2	%Temp%\is-LL9H1.tmp\ISB.bmp	211,774 bytes	MD5: 0xAF51E1096AE5F186D369C159EC788D86 SHA-1: 0x761C7453DEB56112EA384D868FBE9897688C0E51	(not available)
3	%Temp%\is-LL9H1.tmp\isbbundle.exe	125 bytes	MD5: 0x7C5F5A68051F6B0C0E9A2AD33C40D415 SHA-1: 0x120865765927A61AF83F02B83DC297EEDE61EC41	(not available)
4	%Temp%\is-LL9H1.tmp\isxdl.dll	50,176 bytes	MD5: 0x02ECC74F7F91E9FFD84DE708683236A6 SHA-1: 0x3532DE0B77DF8B0FC89E9C7EDDEC3FA71F98F5A2	(not available)
5	%Temp%\is-LL9H1.tmp\itdownload.dll	205,312 bytes	MD5: 0xD82A429EFD885CA0F324DD92AFB6B7B8 SHA-1: 0x86BBDAA15E6FC5C7779AC69C84E53C43C9EB20EA	(not available)
6	%Temp%\is-LL9H1.tmp\main.bmp	281,206 bytes	MD5: 0x250EDB2E9E731755D323F7C91AEED495 SHA-1: 0x970EF8E30C8C294222C938B1E035A895DF5FD94C	(not available)
7	%Temp%\is-LL9H1.tmp\rkverify.exe	0 bytes	MD5: 0xD41D8CD98F00B204E9800998ECF8427E SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709	(not available)
8	%Temp%\is-LL9H1.tmp\_isetup\_RegDLL.tmp	4,096 bytes	MD5: 0x0EE914C6F0BB93996C75941E1AD629C6 SHA-1: 0x12E2CB05506EE3E82046C41510F39A258A5E5549	(not available)
9	%Temp%\is-LL9H1.tmp\_isetup\_shfoldr.dll	23,312 bytes	MD5: 0x92DC6EF532FBB4A5C3201469A5B5EB63 SHA-1: 0x3E89FF837147C16B4E41C30D6C796374E0B8E62C	(not available)
10	%Temp%\is-PO521.tmp\[filename of the sample #1 without extension].tmp	704,512 bytes	MD5: 0xC765336F0DCF4EFDCC2101EED67CD30C SHA-1: 0xFA0279F59738C5AA3B6B20106E109CCD77F895A7	(not available)
11	[file and pathname of the sample #1]	624,893 bytes	MD5: 0x635BE1F6AD17EB4335DFCAEF75CD8126 SHA-1: 0x776FC2EABB060E812A1B714DBF514FC42C0DAA26	Win32.AdWare [Ikarus]

Note:

%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).

The following directories were created:

%Temp%\is-LL9H1.tmp
%Temp%\is-LL9H1.tmp\_isetup
%Temp%\is-PO521.tmp

Memory Modifications

There were new processes created in the system:

Process Name	Process Filename	Main Module Size
[filename of the sample #1]	[file and pathname of the sample #1]	81,920 bytes
[filename of the sample #1 without extension].tmp	%Temp%\is-PO521.tmp\[filename of the sample #1 without extension].tmp	770,048 bytes

Other details

The following Host Name was requested from a host database:

192.5.5.241

The following Internet Connection was established:

Server Name	Server Port	Connect as User	Connection Password
www.softwaremile.com	80	(null)	(null)

The following GET request was made:

download/isbbundle.exe

Downloaded File Summary:

Download details:

Download retrieved: 17 August 2012 09:27:42
Processing time: 8 min 44 sec
Downloaded sample:

File MD5: 0x30B4B456E1A4321B12988594C796FBA6
File SHA-1: 0x66377E475FDBDC38225F0E8CCB8041826FB02CA9
Filesize: 4,619,008 bytes

Summary of the findings:

What's been found	Severity Level
Attempts to use BITS (Background Intelligent Transfer Service). Some threats are known to use BITS to evade firewall filtering and download files without firewall inspection.
Downloads/requests other files from Internet.
Registers a 32-bit in-process server DLL.

Technical Details:

The new window was created, as shown below:

NOTICE: The content shown in the above window is captured automatically and is not controlled or endorsed by ThreatExpert.
Please contact us on this link should any material be offensive or inappropriate and we will ensure any such content is blocked from future viewers of the report.

File System Modifications

The following files were created in the system:

#	Filename(s)	File Size	File Hash
1	%CommonAppData%\Microsoft\Network\Downloader\qmgr0.dat	4,232 bytes	MD5: 0xE31CD286BCCD1FB9285F21E999CFDCAB SHA-1: 0x1856285DE3DE74963939F4AA2BB89C0D3D7A2443
2	%CommonAppData%\Microsoft\Network\Downloader\qmgr1.dat	5,272 bytes	MD5: 0x29F80E2579AC6D2962876CE44FDE77DD SHA-1: 0x5243E25BFAF72463B81BB49A991665A2B8CE6A2B
3	%CommonPrograms%\SoftwareMile.com\Youtube Downloader\Help.lnk	729 bytes	MD5: 0x6AC402DCEDC84372F28EF55657F932EF SHA-1: 0xF929A73A3AA093D2A3DAE17C94EBD62BFC485F7F
4	%CommonPrograms%\SoftwareMile.com\Youtube Downloader\Uninstall.lnk	939 bytes	MD5: 0x4E9A48EA4A2D973F1ED08092CEFCF05E SHA-1: 0xFB815305D23881015C732671E5675A8AE9117EE5
5	%CommonPrograms%\SoftwareMile.com\Youtube Downloader\Youtube Downloader.lnk	989 bytes	MD5: 0xDA7146159DA554EB829E19622A046FF4 SHA-1: 0xF964A92D098E670DFACAD98FD0FAE73770D289E3
6	%DesktopDir%\Youtube Downloader.lnk	971 bytes	MD5: 0x6770942D18DB0BD13E6F3047C4C78004 SHA-1: 0xA16FB74E1B863DCB1FE95F7DFA22C4B78D185F86
7	%Temp%\APN-Stub\Stb4ff15359-241b-46e7-8f8e-f73f8e045a9c.log	1,143 bytes	MD5: 0x17F33198D978C5B7B8A29C04CC941082 SHA-1: 0xDBDF2E4E16452529332DD393D46C323140BC8BC6
8	%ProgramFiles%\SoftwareMile.com\Youtube Downloader\chiefzip.dll	68,608 bytes	MD5: 0x4B81877530B5BC51F711CF0304202D76 SHA-1: 0xBA09160BAE50CD74EBC3581D9C3F8590B8BDAF22
9	%ProgramFiles%\SoftwareMile.com\Youtube Downloader\Clip.exe	24,576 bytes	MD5: 0x4CAA396FDFEECD0771687B6180ABFE87 SHA-1: 0x9A1C1539348599BBD7D9867D78D18202D901DC7B
10	%ProgramFiles%\SoftwareMile.com\Youtube Downloader\isxdl.dll	50,176 bytes	MD5: 0x02ECC74F7F91E9FFD84DE708683236A6 SHA-1: 0x3532DE0B77DF8B0FC89E9C7EDDEC3FA71F98F5A2
11	%ProgramFiles%\SoftwareMile.com\Youtube Downloader\Partner.inf	277 bytes	MD5: 0x1A19204201C96213B598C4CDD6189A6A SHA-1: 0xA85D62D6CF0E95C5B12C8C019331EC3788889E51
12	%ProgramFiles%\SoftwareMile.com\Youtube Downloader\unins000.dat	21,560 bytes	MD5: 0x2E83EB01F3F73876297F8F9A6D1C91CA SHA-1: 0x671C02D7548294EDFEAC2C8F66489BCD9BF02CC1
13	%ProgramFiles%\SoftwareMile.com\Youtube Downloader\unins000.exe	710,528 bytes	MD5: 0x6B93417A8598800A59B48E8D5E688CB6 SHA-1: 0xD493092D95906290BCC71984E1509D9C86D93B19
14	%ProgramFiles%\SoftwareMile.com\Youtube Downloader\unins000.msg	10,498 bytes	MD5: 0x849FA862E15EBAA3738EC3D19695DF0E SHA-1: 0xA526A893150F530F5D41DC3F66CFD95D2F26F088
15	%ProgramFiles%\SoftwareMile.com\Youtube Downloader\Youtube Downloader.exe	573,440 bytes	MD5: 0x814CC8C4C059106C16316F516AEA3EE0 SHA-1: 0xA203DE573EB1BD9ED3975BCE5CF5F889D13A75D1
16	%System%\AdvTrayIcon.ocx	118,784 bytes	MD5: 0x98DCB6139BC532C616F9BD9E62C41316 SHA-1: 0x51551E0A02F511E18041AC5838693D6DC5B1D610
17	%System%\IGUltraGrid20.ocx	1,140,472 bytes	MD5: 0x60FF106A688012E44DD708FD460B5FF6 SHA-1: 0x56AFBB8E78FAD94D56B50238A7E805D124B932F8
18	%System%\MyCommandButton.ocx	361,256 bytes	MD5: 0xB0EC76CF602FF6F29E6A769CD356FB24 SHA-1: 0xCAD09744DD0C11A765AEC11921638E90DC4231AC
19	%System%\MyFramePanel.ocx	246,304 bytes	MD5: 0x42865E9D504F54924636A85F4B4F20E4 SHA-1: 0x5BBC56711A4E4BAF2C601207931F0632DB186EF9
20	[file and pathname of the sample #1]	4,619,008 bytes	MD5: 0x30B4B456E1A4321B12988594C796FBA6 SHA-1: 0x66377E475FDBDC38225F0E8CCB8041826FB02CA9

Notes:

%CommonAppData% is a variable that refers to the file system directory containing application data for all users. A typical path is C:\Documents and Settings\All Users\Application Data.
%CommonPrograms% is a variable that refers to the file system directory that contains the directories for the common program groups that appear on the Start menu for all users. A typical path is C:\Documents and Settings\All Users\Start Menu\Programs (Windows NT/2000/XP).
%DesktopDir% is a variable that refers to the file system directory used to physically store file objects on the desktop. A typical path is C:\Documents and Settings\[UserName]\Desktop.
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

The following file was deleted:

%System%\MSADODC.OCX

The following directories were created:

c:\Sharing Downloads
%CommonAppData%\Microsoft\Network\Downloader
%CommonPrograms%\SoftwareMile.com
%CommonPrograms%\SoftwareMile.com\Youtube Downloader
%Temp%\APN-Stub
%ProgramFiles%\SoftwareMile.com
%ProgramFiles%\SoftwareMile.com\Youtube Downloader

Memory Modifications

There were new processes created in the system:

Process Name	Process Filename	Main Module Size
[generic host process]	[generic host process filename]	20,480 bytes
[filename of the sample #1]	[file and pathname of the sample #1]	81,920 bytes
clip.exe	%ProgramFiles%\softwaremile.com\youtube downloader\clip.exe	24,576 bytes
[filename of the sample #1 without extension].tmp	%Temp%\is-0R0IE.tmp\[filename of the sample #1 without extension].tmp	770,048 bytes
APNStub.exe	%Temp%\is-TFOPL.tmp\APNStub.exe	159,744 bytes

Notes:

[generic host process filename] is a full path filename of [generic host process].

The following modules were loaded into the address space of other process(es):

Module Name	Module Filename	Address Space Details
AdvTrayIcon.ocx	%System%\AdvTrayIcon.ocx	Process name: Youtube Downloader.exe Process filename: %ProgramFiles%\softwaremile.com\youtube downloader\youtube downloader.exe Address space: 0x11000000 - 0x1101E000
MyFramePanel.ocx	%System%\MyFramePanel.ocx	Process name: Youtube Downloader.exe Process filename: %ProgramFiles%\softwaremile.com\youtube downloader\youtube downloader.exe Address space: 0x1500000 - 0x153C000
MyCommandButton.ocx	%System%\MyCommandButton.ocx	Process name: Youtube Downloader.exe Process filename: %ProgramFiles%\softwaremile.com\youtube downloader\youtube downloader.exe Address space: 0x15A0000 - 0x15F8000
IGUltraGrid20.ocx	%System%\IGUltraGrid20.ocx	Process name: Youtube Downloader.exe Process filename: %ProgramFiles%\softwaremile.com\youtube downloader\youtube downloader.exe Address space: 0x30100000 - 0x30216000

The following system service was modified:

Service Name	Display Name	New Status	Service Filename
BITS	Background Intelligent Transfer Service	"Running"	%System%\svchost.exe -k netsvcs

Registry Modifications

The following Registry Keys were created:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1DFE34C4-6EE1-4AC4-AAF7-6BA3486206BC}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1DFE34C4-6EE1-4AC4-AAF7-6BA3486206BC}\Control
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1DFE34C4-6EE1-4AC4-AAF7-6BA3486206BC}\Implemented Categories
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1DFE34C4-6EE1-4AC4-AAF7-6BA3486206BC}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1DFE34C4-6EE1-4AC4-AAF7-6BA3486206BC}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1DFE34C4-6EE1-4AC4-AAF7-6BA3486206BC}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1DFE34C4-6EE1-4AC4-AAF7-6BA3486206BC}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1DFE34C4-6EE1-4AC4-AAF7-6BA3486206BC}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1DFE34C4-6EE1-4AC4-AAF7-6BA3486206BC}\MiscStatus
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1DFE34C4-6EE1-4AC4-AAF7-6BA3486206BC}\MiscStatus\1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1DFE34C4-6EE1-4AC4-AAF7-6BA3486206BC}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1DFE34C4-6EE1-4AC4-AAF7-6BA3486206BC}\ToolboxBitmap32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1DFE34C4-6EE1-4AC4-AAF7-6BA3486206BC}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1DFE34C4-6EE1-4AC4-AAF7-6BA3486206BC}\VERSION
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4438397D-C479-4CBE-92BF-E838BDED29C5}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4438397D-C479-4CBE-92BF-E838BDED29C5}\Control
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4438397D-C479-4CBE-92BF-E838BDED29C5}\Implemented Categories
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4438397D-C479-4CBE-92BF-E838BDED29C5}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4438397D-C479-4CBE-92BF-E838BDED29C5}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4438397D-C479-4CBE-92BF-E838BDED29C5}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4438397D-C479-4CBE-92BF-E838BDED29C5}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4438397D-C479-4CBE-92BF-E838BDED29C5}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4438397D-C479-4CBE-92BF-E838BDED29C5}\MiscStatus
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4438397D-C479-4CBE-92BF-E838BDED29C5}\MiscStatus\1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4438397D-C479-4CBE-92BF-E838BDED29C5}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4438397D-C479-4CBE-92BF-E838BDED29C5}\ToolboxBitmap32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4438397D-C479-4CBE-92BF-E838BDED29C5}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4438397D-C479-4CBE-92BF-E838BDED29C5}\VERSION
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6871280E-89E7-4BE3-A116-D4F4921855A5}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6871280E-89E7-4BE3-A116-D4F4921855A5}\Control
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6871280E-89E7-4BE3-A116-D4F4921855A5}\Implemented Categories
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6871280E-89E7-4BE3-A116-D4F4921855A5}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6871280E-89E7-4BE3-A116-D4F4921855A5}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6871280E-89E7-4BE3-A116-D4F4921855A5}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6871280E-89E7-4BE3-A116-D4F4921855A5}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6871280E-89E7-4BE3-A116-D4F4921855A5}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6871280E-89E7-4BE3-A116-D4F4921855A5}\MiscStatus
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6871280E-89E7-4BE3-A116-D4F4921855A5}\MiscStatus\1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6871280E-89E7-4BE3-A116-D4F4921855A5}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6871280E-89E7-4BE3-A116-D4F4921855A5}\Required Categories
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6871280E-89E7-4BE3-A116-D4F4921855A5}\Required Categories\{D40C2700-FFA1-11CF-8234-00AA00C1AB85}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6871280E-89E7-4BE3-A116-D4F4921855A5}\ToolboxBitmap32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6871280E-89E7-4BE3-A116-D4F4921855A5}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6871280E-89E7-4BE3-A116-D4F4921855A5}\VERSION
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}\Control
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}\Implemented Categories
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}\Implemented Categories\{0DE86A54-2BAA-11CF-A229-00AA003D7352}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}\Implemented Categories\{157083E1-2368-11CF-87B9-00AA006C8166}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}\Implemented Categories\{40FC6ED9-2438-11CF-A3DB-080036F12502}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}\MiscStatus
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}\MiscStatus\1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}\Printable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}\ToolboxBitmap32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}\Version
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5499C18-4E19-44C5-A81B-BE4602BD455D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5499C18-4E19-44C5-A81B-BE4602BD455D}\Control
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5499C18-4E19-44C5-A81B-BE4602BD455D}\Implemented Categories
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5499C18-4E19-44C5-A81B-BE4602BD455D}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5499C18-4E19-44C5-A81B-BE4602BD455D}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5499C18-4E19-44C5-A81B-BE4602BD455D}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5499C18-4E19-44C5-A81B-BE4602BD455D}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5499C18-4E19-44C5-A81B-BE4602BD455D}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5499C18-4E19-44C5-A81B-BE4602BD455D}\MiscStatus
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5499C18-4E19-44C5-A81B-BE4602BD455D}\MiscStatus\1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5499C18-4E19-44C5-A81B-BE4602BD455D}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5499C18-4E19-44C5-A81B-BE4602BD455D}\ToolboxBitmap32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5499C18-4E19-44C5-A81B-BE4602BD455D}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5499C18-4E19-44C5-A81B-BE4602BD455D}\VERSION
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF0F5728-DAAF-45A0-B069-DF57E7692D4C}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF0F5728-DAAF-45A0-B069-DF57E7692D4C}\Implemented Categories
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF0F5728-DAAF-45A0-B069-DF57E7692D4C}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF0F5728-DAAF-45A0-B069-DF57E7692D4C}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF0F5728-DAAF-45A0-B069-DF57E7692D4C}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF0F5728-DAAF-45A0-B069-DF57E7692D4C}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF0F5728-DAAF-45A0-B069-DF57E7692D4C}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF0F5728-DAAF-45A0-B069-DF57E7692D4C}\Version
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF0F5728-DAAF-45A0-B069-DF57E7692D4C}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0333CD40-7689-11D3-B31B-0000C0494A96}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0333CD40-7689-11D3-B31B-0000C0494A96}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0333CD40-7689-11D3-B31B-0000C0494A96}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0333CD40-7689-11D3-B31B-0000C0494A96}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0536C4E0-EA50-436C-988B-68DA739753AB}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0536C4E0-EA50-436C-988B-68DA739753AB}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0536C4E0-EA50-436C-988B-68DA739753AB}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0536C4E0-EA50-436C-988B-68DA739753AB}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{054B7D10-8D45-11D3-949B-00104B9E078A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{054B7D10-8D45-11D3-949B-00104B9E078A}\ProxyStubClsid

The newly created Registry Values are:

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1DFE34C4-6EE1-4AC4-AAF7-6BA3486206BC}\MiscStatus\1]

(Default) = "132497"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1DFE34C4-6EE1-4AC4-AAF7-6BA3486206BC}\VERSION]

(Default) = "1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1DFE34C4-6EE1-4AC4-AAF7-6BA3486206BC}\TypeLib]

(Default) = "{E0461D71-0B0B-472D-B786-4CCFA7317603}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1DFE34C4-6EE1-4AC4-AAF7-6BA3486206BC}\ToolboxBitmap32]

(Default) = "%System%\AdvTrayIcon.ocx, 30000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1DFE34C4-6EE1-4AC4-AAF7-6BA3486206BC}\ProgID]

(Default) = "TrayIconOCX.ToolTipOnDemand"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1DFE34C4-6EE1-4AC4-AAF7-6BA3486206BC}\MiscStatus]

(Default) = "0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1DFE34C4-6EE1-4AC4-AAF7-6BA3486206BC}\InprocServer32]

(Default) = "%System%\AdvTrayIcon.ocx"
ThreadingModel = "Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1DFE34C4-6EE1-4AC4-AAF7-6BA3486206BC}\Control]

(Default) = ""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1DFE34C4-6EE1-4AC4-AAF7-6BA3486206BC}]

(Default) = "TrayIconOCX.ToolTipOnDemand"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4438397D-C479-4CBE-92BF-E838BDED29C5}\MiscStatus\1]

(Default) = "132497"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4438397D-C479-4CBE-92BF-E838BDED29C5}\VERSION]

(Default) = "1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4438397D-C479-4CBE-92BF-E838BDED29C5}\TypeLib]

(Default) = "{E0461D71-0B0B-472D-B786-4CCFA7317603}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4438397D-C479-4CBE-92BF-E838BDED29C5}\ToolboxBitmap32]

(Default) = "%System%\AdvTrayIcon.ocx, 30001"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4438397D-C479-4CBE-92BF-E838BDED29C5}\ProgID]

(Default) = "TrayIconOCX.TrayIcon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4438397D-C479-4CBE-92BF-E838BDED29C5}\MiscStatus]

(Default) = "0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4438397D-C479-4CBE-92BF-E838BDED29C5}\InprocServer32]

(Default) = "%System%\AdvTrayIcon.ocx"
ThreadingModel = "Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4438397D-C479-4CBE-92BF-E838BDED29C5}\Control]

(Default) = ""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4438397D-C479-4CBE-92BF-E838BDED29C5}]

(Default) = "TrayIconOCX.TrayIcon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6871280E-89E7-4BE3-A116-D4F4921855A5}\MiscStatus\1]

(Default) = "213393"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6871280E-89E7-4BE3-A116-D4F4921855A5}\VERSION]

(Default) = "1.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6871280E-89E7-4BE3-A116-D4F4921855A5}\TypeLib]

(Default) = "{6B45E0EA-D03D-4CBB-94F4-B6AD155551A1}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6871280E-89E7-4BE3-A116-D4F4921855A5}\ToolboxBitmap32]

(Default) = "%System%\MyFramePanel.ocx, 30000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6871280E-89E7-4BE3-A116-D4F4921855A5}\ProgID]

(Default) = "MyFramePanel.MyFrame"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6871280E-89E7-4BE3-A116-D4F4921855A5}\MiscStatus]

(Default) = "0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6871280E-89E7-4BE3-A116-D4F4921855A5}\InprocServer32]

(Default) = "%System%\MyFramePanel.ocx"
ThreadingModel = "Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6871280E-89E7-4BE3-A116-D4F4921855A5}\Control]

(Default) = ""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6871280E-89E7-4BE3-A116-D4F4921855A5}]

(Default) = "MyFramePanel.MyFrame"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}\MiscStatus\1]

(Default) = "164241"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}\VersionIndependentProgID]

(Default) = "UltraGrid.SSUltraGrid"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}\Version]

(Default) = "2.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}\TypeLib]

(Default) = "{5A9433E9-DD7B-4529-91B6-A5E8CA054615}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}\ToolboxBitmap32]

(Default) = "%System%\IGUltraGrid20.ocx, 102"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}\ProgID]

(Default) = "UltraGrid.SSUltraGrid.2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}\MiscStatus]

(Default) = "0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}\InprocServer32]

(Default) = "%System%\IGUltraGrid20.ocx"
ThreadingModel = "Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}]

(Default) = "Infragistics UltraGrid Control 2.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5499C18-4E19-44C5-A81B-BE4602BD455D}\MiscStatus\1]

(Default) = "135569"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5499C18-4E19-44C5-A81B-BE4602BD455D}\VERSION]

(Default) = "2.2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5499C18-4E19-44C5-A81B-BE4602BD455D}\TypeLib]

(Default) = "{2EBF261C-FD36-46DA-8D79-010C5D8D7036}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5499C18-4E19-44C5-A81B-BE4602BD455D}\ToolboxBitmap32]

(Default) = "%System%\MyCommandButton.ocx, 30000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5499C18-4E19-44C5-A81B-BE4602BD455D}\ProgID]

(Default) = "MyCommandButton.MyButton"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5499C18-4E19-44C5-A81B-BE4602BD455D}\MiscStatus]

(Default) = "0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5499C18-4E19-44C5-A81B-BE4602BD455D}\InprocServer32]

(Default) = "%System%\MyCommandButton.ocx"
ThreadingModel = "Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5499C18-4E19-44C5-A81B-BE4602BD455D}\Control]

(Default) = ""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5499C18-4E19-44C5-A81B-BE4602BD455D}]

(Default) = "MyCommandButton.MyButton"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF0F5728-DAAF-45A0-B069-DF57E7692D4C}\VersionIndependentProgID]

(Default) = "UltraGrid.SSLayout"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF0F5728-DAAF-45A0-B069-DF57E7692D4C}\Version]

(Default) = "2.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF0F5728-DAAF-45A0-B069-DF57E7692D4C}\TypeLib]

(Default) = "{5A9433E9-DD7B-4529-91B6-A5E8CA054615}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF0F5728-DAAF-45A0-B069-DF57E7692D4C}\ProgID]

(Default) = "UltraGrid.SSLayout.2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF0F5728-DAAF-45A0-B069-DF57E7692D4C}\InprocServer32]

(Default) = "%System%\IGUltraGrid20.ocx"
ThreadingModel = "Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF0F5728-DAAF-45A0-B069-DF57E7692D4C}]

(Default) = "Infragistics UltraGrid Layout Object 2.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0333CD40-7689-11D3-B31B-0000C0494A96}\TypeLib]

(Default) = "{5A9433E9-DD7B-4529-91B6-A5E8CA054615}"
Version = "2.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0333CD40-7689-11D3-B31B-0000C0494A96}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0333CD40-7689-11D3-B31B-0000C0494A96}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0333CD40-7689-11D3-B31B-0000C0494A96}]

(Default) = "ISSHeader"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0536C4E0-EA50-436C-988B-68DA739753AB}\TypeLib]

(Default) = "{E0461D71-0B0B-472D-B786-4CCFA7317603}"
Version = "1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0536C4E0-EA50-436C-988B-68DA739753AB}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0536C4E0-EA50-436C-988B-68DA739753AB}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0536C4E0-EA50-436C-988B-68DA739753AB}]

(Default) = "TrayIcon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{054B7D10-8D45-11D3-949B-00104B9E078A}\TypeLib]

(Default) = "{5A9433E9-DD7B-4529-91B6-A5E8CA054615}"
Version = "2.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{054B7D10-8D45-11D3-949B-00104B9E078A}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{054B7D10-8D45-11D3-949B-00104B9E078A}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{054B7D10-8D45-11D3-949B-00104B9E078A}]

(Default) = "ISSCollectionBaseWithClear2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07212510-69EE-11D3-9476-00104B9E078A}\TypeLib]

(Default) = "{5A9433E9-DD7B-4529-91B6-A5E8CA054615}"
Version = "2.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07212510-69EE-11D3-9476-00104B9E078A}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07212510-69EE-11D3-9476-00104B9E078A}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07212510-69EE-11D3-9476-00104B9E078A}]

(Default) = "ISSObjectBase"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07212511-69EE-11D3-9476-00104B9E078A}\TypeLib]

(Default) = "{5A9433E9-DD7B-4529-91B6-A5E8CA054615}"
Version = "2.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07212511-69EE-11D3-9476-00104B9E078A}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07212511-69EE-11D3-9476-00104B9E078A}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07212511-69EE-11D3-9476-00104B9E078A}]

(Default) = "ISSRowScrollRegions"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07212512-69EE-11D3-9476-00104B9E078A}\TypeLib]

(Default) = "{5A9433E9-DD7B-4529-91B6-A5E8CA054615}"
Version = "2.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07212512-69EE-11D3-9476-00104B9E078A}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07212512-69EE-11D3-9476-00104B9E078A}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07212512-69EE-11D3-9476-00104B9E078A}]

(Default) = "ISSColScrollRegions"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{075016E0-8BC4-11D3-9499-00104B9E078A}\TypeLib]

(Default) = "{5A9433E9-DD7B-4529-91B6-A5E8CA054615}"
Version = "2.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{075016E0-8BC4-11D3-9499-00104B9E078A}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{075016E0-8BC4-11D3-9499-00104B9E078A}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{075016E0-8BC4-11D3-9499-00104B9E078A}]

(Default) = "ISSGroupCols"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1225B760-775A-11D3-B31B-0000C0494A96}\TypeLib]

(Default) = "{5A9433E9-DD7B-4529-91B6-A5E8CA054615}"
Version = "2.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1225B760-775A-11D3-B31B-0000C0494A96}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1225B760-775A-11D3-B31B-0000C0494A96}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1225B760-775A-11D3-B31B-0000C0494A96}]

(Default) = "ISSPreviewInfo"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1A131C60-817A-11D3-948F-00104B9E078A}\TypeLib]

(Default) = "{5A9433E9-DD7B-4529-91B6-A5E8CA054615}"
Version = "2.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1A131C60-817A-11D3-948F-00104B9E078A}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

The following Registry Value was deleted:

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{248DD897-BB45-11CF-9ABC-0080C7E7B78D}\InprocServer32]

InprocServer32 = "IW[F9`$@Q?NcrI3z%N[,>`NTP6lYuf(laaqF-Q9q."

The following Registry Values were modified:

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\InprocServer32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\ToolboxBitmap32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{248DD897-BB45-11CF-9ABC-0080C7E7B78D}\InprocServer32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F8FFB1-7406-11D1-B18C-00A0C922E820}\InprocServer32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F8FFB2-7406-11D1-B18C-00A0C922E820}\InprocServer32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67397AA3-7FB1-11D0-B148-00A0C922E820}]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67397AA3-7FB1-11D0-B148-00A0C922E820}\InprocServer32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67397AA3-7FB1-11D0-B148-00A0C922E820}\ToolboxBitmap32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA2073E6-7B9C-11D0-B143-00A0C922E820}\InprocServer32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0AB5A3D0-E5B6-11D0-ABF5-00A0C90FFFC0}\TypeLib]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2334D2B1-713E-11CF-8AE5-00AA00C00905}\TypeLib]

(Default) =
Version =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}\TypeLib]

(Default) =
Version =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2A0B9D10-4B87-11D3-A97A-00104B365C9F}\TypeLib]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{53BAD8C1-E718-11CF-893D-00A0C9054228}\TypeLib]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C7C3F5A0-88A3-11D0-ABCB-00A0C90FFFC0}\TypeLib]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C7C3F5A1-88A3-11D0-ABCB-00A0C90FFFC0}\TypeLib]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C7C3F5A2-88A3-11D0-ABCB-00A0C90FFFC0}\TypeLib]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C7C3F5A3-88A3-11D0-ABCB-00A0C90FFFC0}\TypeLib]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C7C3F5A4-88A3-11D0-ABCB-00A0C90FFFC0}\TypeLib]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C7C3F5A5-88A3-11D0-ABCB-00A0C90FFFC0}\TypeLib]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSAdodcLib.Adodc]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSAdodcLib.Adodc.6]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSWinsock.Winsock]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSWinsock.Winsock.1]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\1.0]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\1.0\0\win32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\1.0\HELPDIR]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\HELPDIR]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{67397AA1-7FB1-11D0-B148-00A0C922E820}\6.0]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{67397AA1-7FB1-11D0-B148-00A0C922E820}\6.0\0\win32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{67397AA1-7FB1-11D0-B148-00A0C922E820}\6.0\HELPDIR]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}\2.0\HELPDIR]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]

C:\WINDOWS\system32\MSSTDFMT.DLL =
C:\WINDOWS\system32\MSADODC.OCX =
C:\WINDOWS\system32\MSINET.OCX =
C:\WINDOWS\system32\MSWINSCK.OCX =
C:\WINDOWS\system32\MSCOMCTL.OCX =

Other details

Analysis of the file resources indicate the following possible country of origin:

Netherlands

To mark the presence in the system, the following Mutex objects were created:

_SHuassist.mtx
SoftwareMileSharingMax

The data identified by the following URL was then requested from the remote web server:

http://apnmedia.ask.com/media/toolbar/stub/1.0.0.0/ApnIC.dll?tb=KSO&version=1.0.0.0

There was application-defined hook procedure installed into the hook chain (e.g. to monitor keystrokes). The installed hook is handled by the following module:

%System%\MSVBVM60.DLL

Heuristics Analysis

Heuristically identified capability to use BITS (Background Intelligent Transfer Service) to schedule the following download task:

http://apnmedia.ask.com/media/toolbar/stub/1.0.0.0/apnic.dll?tb=kso&version=1.0.0.0

Downloaded File Summary (Generation #2):

Download details:

Download retrieved: 17 August 2012 09:36:27
Processing time: 7 min 44 sec
Downloaded sample:

File MD5: 0xB9918718C6AF9F92F9E49A01AF35DEB7
File SHA-1: 0xEEAA8E7CBF57449AB12AB62B19A60C7ECE9C975B
Filesize: 248,008 bytes

Summary of the findings:

What's been found	Severity Level
Downloads/requests other files from Internet.

Technical Details:

File System Modifications

The following file was created in the system:

#	Filename(s)	File Size	File Hash
1	[file and pathname of the sample #1]	248,008 bytes	MD5: 0xB9918718C6AF9F92F9E49A01AF35DEB7 SHA-1: 0xEEAA8E7CBF57449AB12AB62B19A60C7ECE9C975B

Memory Modifications

There was a new process created in the system:

Process Name	Process Filename	Main Module Size
[generic host process]	[generic host process filename]	20,480 bytes

Note:

[generic host process filename] is a full path filename of [generic host process].

The following module was loaded into the address space of other process(es):

Module Name	Module Filename	Address Space Details
[filename of the sample #1]	[file and pathname of the sample #1]	Process name: [generic host process] Process filename: [generic host process filename] Address space: 0xB10000 - 0xB50000

Registry Modifications

The following Registry Keys were created:

HKEY_CURRENT_USER\Software\Ask.com.tmp
HKEY_CURRENT_USER\Software\Ask.com.tmp\General
HKEY_CURRENT_USER\Software\Ask.com.tmp\Installer

The newly created Registry Values are:

[HKEY_CURRENT_USER\Software\Ask.com.tmp\Installer]

guid = "bf08d6a1-e0ba-47f4-9029-be39cdf66780"

[HKEY_CURRENT_USER\Software\Ask.com.tmp\General]

apn_dbr = "ie_6.0.2900.2180"
client = "ic"
clientv = "9.9.9.9"
cr = "0"
dbr = "132"
dot = ""
dt = "0"
dtid = ""
fflu = "-2"
fv = ""
guid = "bf08d6a1-e0ba-47f4-9029-be39cdf66780"
harch = "32"
hloc = "en-US"
hos = "5.1.1.sp2.x86"
iedis = "0"
ielu = "-2"
iev = "6.0.2900.2180"
inst = "200"
iv = "6.0.2900.2180"
saguid = "72db1f1d-c580-4f2b-9c97-e52ca5c312fb"
tb = ""
wft = "remote"

Other details

The following Host Name was requested from a host database:

192.5.5.241

The following Internet Connections were established:

Server Name	Server Port	Connect as User	Connection Password
websearch.ask.com	80	websearch.ask.com	websearch.ask.com
img.apnanalytics.com	80	img.apnanalytics.com	img.apnanalytics.com

The following GET requests were made:

installed?client=ic&tb=&dtid=&id=bf08d6a1-e0ba-47f4-9029-be39cdf66780&ipid=&iev=6.0.2900.2180&iedis=0&ielu=-2&fflu=-2&iv=&nv=&clientv=9.9.9.9&said=72db1f1d-c580-4f2b-9c97-e52ca5c312fb&browser-lang=en&apn_dbr=ie_6.0.2900.2180&cr=0
images/nocache/apn/tr.gif?ev=eichk&cb=&encb=&chk=mkofno&ts=YLOda&guid=bf08d6a1-e0ba-47f4-9029-be39cdf66780&dt=0&wft=remote&harch=32&hloc=en-US&iev=6.0.2900.2180&dbr=132&vb=&msi=&inst=200&tb=&hos=5.1.1.sp2.x86&dot=

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.