Analysis Date: 2017-10-10 17:32:56
MD5: cca44ae6a0ec1fb0f72517953995163a
SHA1: 778628da8e127a882a4911e2fb4799156670ad21

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: cbd3f0d638d3c4fad786bfca78e2bc44 sha1: d960a5bbef2a524fa963a4b1e226b47f1960da4a size: 56320
Section: .data md5: 9c9b446a02daa6409c23262139d48cb7 sha1: f300ed7e2b5e7456aaf2f227122fe4346407e8c0 size: 10240
Section: .xcpad md5: sha1: size:
Section: .idata md5: sha1: size:
Section: .reloc md5: 81870026831d6c64d3745d8ff770ca56 sha1: b5c0a1865440495e499dfcfc637f44a5fb0bd67a size: 5118
Section: .rsrc md5: 61fb2ab043e33ec214eefc8d3e2a5f91 sha1: 8bd2b04e0bda2ce7cd36a8ef3af990012593a364 size: 11776
Timestamp
VersionLegalCopyright:
PackagerVersion:
InternalName:
FileVersion:
CompanyName:
Comments:
ProductName:
ProductVersion:
FileDescription:
Packager:
OriginalFilename:
Packer
PEhash
IMPhash: 4511896d043677e4ab4578dc5bcab5a0
AV: 360 Safe — No Virus
AV: Ad-Aware — Win32.Virtob.Gen.12.Dam
AV: Alwil (avast) — Malware-gen
AV: Alwil (avast) — Small-HTZB [Trj]
AV: Alwil (avast) — Emotet-AJ [Trj]
AV: Alwil (avast) — Win32:Malware-gen
AV: Arcabit (arcavir) — Win32.Virtob.Gen.12.Dam
AV: Arcabit (arcavir) — Trojan.Agent.CDVQ
AV: Authentium — W32/S-4bc2e477!Eldorado
AV: Avira (antivir) — TR/Patched.Ren.Gen
AV: BitDefender — Win32.Virtob.Gen.12.Dam
AV: BullGuard — Win32.Virtob.Gen.12.Dam
AV: CA (E-Trust Ino) — Win32.Virtob.Gen.12.Dam
AV: CAT (quickheal) — Trojan.Sakurel.S8447
AV: ClamAV — Win.Trojan.Generic-6296810-0
AV: Dr. Web — Trojan.DownLoad3.22515
AV: Emsisoft — Win32.Virtob.Gen.12.Dam
AV: Eset (nod32) — Win32/Shyape.G
AV: F-Secure — Win32.Virtob.Gen.12.Dam
AV: Fortinet — W32/Shyape.G!tr
AV: Frisk (f-prot) — W32/S-4bc2e477!Eldorado
AV: Grisoft (avg) — Generic32.CQJL
AV: Ikarus — Trojan.Win32.Scar
AV: K7 — Trojan ( 0040f80c1 )
AV: Kaspersky — Trojan-Dropper.Win32.Agent.bjrkpr
AV: MalwareBytes — Trojan.Agent
AV: Mcafee — GenericRXAB-QS!CCA44AE6A0EC
AV: MicroWorld (escan) — Win32.Virtob.Gen.12.Dam
AV: Microsoft Security Essentials — Trojan:Win32/Sakurel.B!dha
AV: NANO — Trojan.Win32.Scar.cqotzf
AV: Padvish — No Virus
AV: Rising — No Virus
AV: SUPERAntiSpyware — Trojan.Agent/Gen-Sakurel
AV: Symantec — Trojan.Sakurel
AV: Trend Micro — No Virus
AV: Twister — W32.Shyape.G.ukde
AV: VirusBlokAda (vba32) — TrojanDropper.Agent
AV: Windows Defender — Trojan:Win32/Sakurel.B!dha
AV: Zillya! — Dropper.Agent.Win32.242119

Runtime Details:

Screenshot

Process
↳ C:\WINDOWS\system32\cmd.exe

Creates FileC:\WINDOWS\WindowsShell.Manifest

Process
↳ C:\DOCUME~1\Admin\Local Settings\Temp\MicroMedia\MediaCenter.exe

Creates FileC:\WINDOWS\WindowsShell.Manifest
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\MicroMedia\rss.tmp
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates FileC:\Documents and Settings\Admin\Cookies\index.dat
Creates FileC:\Documents and Settings\Admin\Local Settings\History\History.IE5\index.dat
Creates Filec:\autoexec.bat
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[2].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[2].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[2].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[2].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[2].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[2].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[2].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[2].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[2].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[2].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[2].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[2].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[2].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[2].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[2].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[2].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[2].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[2].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[2].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[2].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[2].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[2].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[2].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[2].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[2].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[2].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[2].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[2].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[2].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[2].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Directory ➝
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\\x00
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Paths ➝
4
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1\CachePath ➝
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\Cache1\\x00
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2\CachePath ➝
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\Cache2\\x00
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3\CachePath ➝
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\Cache3\\x00
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4\CachePath ➝
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\Cache4\\x00
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1\CacheLimit ➝
81830
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2\CacheLimit ➝
81830
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3\CacheLimit ➝
81830
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4\CacheLimit ➝
81830
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common AppData ➝
C:\Documents and Settings\All Users\Application Data\\x00
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MigrateProxy ➝
1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable ➝
0
Registry: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝
0
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝
1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName ➝
1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet ➝
1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝
1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName ➝
1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet ➝
1
Creates Mutex
Creates Mutex
Creates Mutex: RasPbFile
Creates Mutex: ZonesCounterMutex
Creates Mutex: ZonesCacheCounterMutex
Creates Mutex: ZonesLockedCacheCounterMutex

Process
↳ C:\DOCUME~1\Admin\Local Settings\Temp\MicroMedia\MediaCenter.exe

Creates FileC:\WINDOWS\WindowsShell.Manifest
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\MicroMedia\rss.tmp
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates FileC:\Documents and Settings\Admin\Cookies\index.dat
Creates FileC:\Documents and Settings\Admin\Local Settings\History\History.IE5\index.dat
Creates Filec:\autoexec.bat
Creates Filec:\autoexec.bat
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[2].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[2].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[2].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[2].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[2].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[2].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[2].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[2].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[2].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[2].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[2].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[2].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[2].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[2].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[2].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[2].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[2].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[2].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[2].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[2].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[2].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[2].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[2].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[2].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[2].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[2].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[2].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[2].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[2].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[2].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[2].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[2].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\newimage[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\pbzchgre1423186185[1].htm
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\viewphoto[1].htm
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Directory ➝
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\\x00
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Paths ➝
4
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1\CachePath ➝
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\Cache1\\x00
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2\CachePath ➝
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\Cache2\\x00
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3\CachePath ➝
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\Cache3\\x00
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4\CachePath ➝
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\Cache4\\x00
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1\CacheLimit ➝
81830
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2\CacheLimit ➝
81830
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3\CacheLimit ➝
81830
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4\CacheLimit ➝
81830
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common AppData ➝
C:\Documents and Settings\All Users\Application Data\\x00
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MigrateProxy ➝
1
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable ➝
0
RegistryHKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝
0
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝
1
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName ➝
1
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet ➝
1
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝
1
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName ➝
1
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet ➝
1
Creates Mutexc:!documents and settings!admin!local settings!temporary internet files!content.ie5!
Creates Mutexc:!documents and settings!admin!cookies!
Creates Mutexc:!documents and settings!admin!local settings!history!history.ie5!
Creates MutexWininetConnectionMutex
Creates Mutex
Creates Mutex
Creates MutexRasPbFile
Creates MutexZonesCounterMutex
Creates MutexZonesCacheCounterMutex
Creates MutexZonesLockedCacheCounterMutex

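Process
↳ C:\WINDOWS\system32\ping.exe (this launch is consistent with the `/c ping 127.0.0.1 & del /q "%s"` command template listed under Strings, where ping serves as a short delay before a file is deleted)

Creates File: Ip
Creates File: C:\WINDOWS\WindowsShell.Manifest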

Process
↳ C:\778628da8e127a882a4911e2fb4799156670ad21.exe

Creates FileC:\WINDOWS\WindowsShell.Manifest
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\MicroMedia\MediaCenter.exe
Creates FileC:\778628da8e127a882a4911e2fb4799156670ad21.exe
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\MicroMedia\MediaCenter.exe
Creates FileC:\WINDOWS\system32\shdocvw.dll
Creates FileC:\WINDOWS\Registration\R000000000007.clb
Creates FileC:\WINDOWS\system32\cmd.exe
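Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroMedia ➝
C:\DOCUME~1\Admin\Local Settings\Temp\MicroMedia\MediaCenter.exe\\x00 (machine-wide Run-key autostart value; it points at the MediaCenter.exe file created under Temp\MicroMedia earlier in this process's log, so removing the value and the file together is the relevant cleanup check)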
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝
1
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName ➝
1
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet ➝
1
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝
1
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName ➝
1
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet ➝
1
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c59b1c54-4fc7-11e5-ae19-806d6172696f}\BaseClass ➝
Drive\\x00
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c59b1c52-4fc7-11e5-ae19-806d6172696f}\BaseClass ➝
Drive\\x00
Creates Mutex
Creates MutexZonesCounterMutex
Creates MutexZonesCacheCounterMutex
Creates MutexZonesLockedCacheCounterMutex
Creates Mutex

Network Details:


Raw Pcap

Strings
t	<Vt
L$!SQ
L$!f
SUVj
5`GA
^][_3
=`GA
=`GA
9=`GA
PhdGA
5`GA
h`DA
h`EA
h`FA
-`DA
-`FA
SUVW
t	<Yt
PUVh`EA
t	<Yt
jPRP
tJWVj
_^][3
h`FA
h`DA
_^]3
QSWV
<8\t
T$!j
L$4Q
htGA
T$<R
D$,3
D$(P
L$(Q
T$(R
D$HUP
L$@Q
D$ h
D$0P
L$DQUUUj
<+WQ
RVWP
_^][3
L$@Q
t}Pj
jDPh
L$$Q
T$0Rh
UUUWUU
_][2
<+WR
PVWQ
h,1A
t	<$t
D$,P
_][^3
QVUW
D$ P
Ph^1A
h,1A
SUV3
QVVVVVVh
T$LR
D$ Ph
_^][3
SSSSS
=xYA
hxYA
=|YA
h|YA
5pYA
5lYA
5pYA
5lYA
h&7@
^WWWWW
=\YA
t	VP
;5LYA
SSSSS
t!9}
WWWW
VVVV
PPPPP
t79u
t29u
VVVVV
SVW3
t$9}
WWWWW
t)9u
VVVVV
SSSSS
VVVVV
VVVVV
WWWWW
_^[]
WWWWW
=<:A
YQPVh
58;A
=4;A
%(;A
-$;A
PPPPP
@u^V
, <Xw
t%HHt
HHtXHHt
HHty+
RPSW
90tV
>If90t
WSj0
WSj
5d=A
5l=A
5t=A
5p=A
=h=A
=l=A
=p=A
5p=A
5l=A
5h=A
5l=A
5p=A
5t=A
teh<[@
5h=A
5p=A
VVVVV
PPPPP
<v8V
VVVVV
VVVVV
VVVVV
QSVW
5pYA
5lYA
_^[]
Y_^[
Y_^[
Y__^[
9csm
=`YA
t h`YA
h|f@
S99t
t+Ht
PPPPP
h(	A
WVS3
ueSj
=XYA
5DYA
5HYA
5DYA
5HYA
@_^[
 VW}
j?^;
5@YA
=(:A
5 IA
=x&A
<at9<rt,<wt
SSSSS
tVHtG
tEHt1
uF	}
u'	}
>=upF
SSSSS
hH	A
;5@YA
URPQQh
L$,3
UVWS
[_^]
SVWj
_^[]
WWWWW
SSSSS
SSSSS
tl9]
tC9]
Ht$C
CC@@
Ht(f
CC+]
hh	A
VVVVV
VVVVV
0WWWWW
X_^]
VVVVV
VVVVV
VVhU
WWWWW
~,WPV
;5@YA
98t^
tVPV
t/9U
j@j ^V
[j@j
5 HA
WWWWW
WWWWW
8csm
9=tYA
5dYA
t$<"u	3
=tYA
54:A
54:A
>=Yt1j
tNVSP
PPPPP
54:A
%4:A
Y[_^
>"u&
< tK<	tG
5 :A
@@f9
@@f9
SSS+
@PWSS
t!SS
WWWWW
WWWWW
VVVVV
0A@@Ju
95,CA
E0CA
=tYA
=8.A
Y_^[]
_^[]
Fpt"
u,9E
^SSSSS
j"^SSSSS
QSWVj
v	N+D$
=tCA
5tCA
0SSSSS
_^[]
_^[]
0SSSSS
0SSSSS
_^[]
VVVVV
WWWWW
=\YA
;=@YA
SSSSS
tGHt.Ht&
^SSSSS
;t0;
8VVVVV
t(9u
SSSSS
SSSSS
ti9]
6f;p
r0f;p
tH9]
6f;H
r0f;H
u!f;
t	9]
SSSSS
SSSSS
tA9]
t_8]
t 9]
SVWUj
]_^[
;t$,v-
UQPXY]Y[
VW|[;
_^[]
VVVVV
j@j
95 .A
=D/A
= .A
5 .A
~%9M
QVj
r 8^
SSSSS
oV f
o^0f
of@f
onPf
ov`f
o~pf
u8SS3
9] u
9]$SS
t)9]
t"SS9]
9] u
9] SS
v$;5
PPPPPPPP
t&:a
tR:Q
t<:Q
t&:Q
PPPPPPPP
WWWWW
=\YA
uaVj
uL9=
=\YA
;5LYA
wIVSP
FVSj
WWWWW
<Xt
u+9u
SVW3
_^[u
VVVVV
VW9]
SSSSS
SSSSS
95HCA
u99u
VVVVV
WWWWV
t<Vj
t+WWVPV
^_[3
-285
CorExitProcess
(null)
( 8PX
700WP
`h````
xpxxxx
EncodePointer
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
runtime error
TLOSS error
SING error
DOMAIN error
R6034
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
R6033
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
R6032
- not enough space for locale information
R6031
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
R6030
- CRT not initialized
R6028
- unable to initialize heap
R6027
- not enough space for lowio initialization
R6026
- not enough space for stdio initialization
R6025
- pure virtual function call
R6024
- not enough space for _onexit/atexit table
R6019
- unable to open console device
R6018
- unexpected heap error
R6017
- unexpected multithread lock error
R6016
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
R6009
- not enough space for environment
R6008
- not enough space for arguments
R6002
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program:
UTF-8
UTF-16LE
UNICODE
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
('8PW
700PP
`h`hhh
xppwpp
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
July
June
April
March
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
CONOUT$
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
rss.tmp
http://
.jpg?resid=%d
=%s&type=%d&resid=%d
?resid=%d&photoid=
iexplorer
HTTP/1.1
POST
.exe
%d_of_%d_for_%s_on_%s
SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
cmd.exe /c
Self Process Id:%d
C:\windows\system32\cmd.exe
Create Child Cmd.exe Process Succeed!
Child ProcessId is %d
Program Files (x86)
.dat
cmd.exe /c rundll32 "%s"
Playx64
PlayWin32
/c ping 127.0.0.1 & del /q "%s"
cmd.exe
open
RSDS
'$4;
ExitProcess
GetComputerNameA
CreateFileA
GetFileSize
FindResourceA
SetPriorityClass
SetFilePointer
PeekNamedPipe
LoadResource
GetCurrentProcess
GetTickCount
GetCurrentThread
VirtualFree
ExpandEnvironmentStringsA
WriteFile
OpenProcess
WideCharToMultiByte
GetVolumeInformationA
Sleep
SizeofResource
CreateProcessA
TerminateProcess
ReadFile
GetSystemDirectoryA
MultiByteToWideChar
SetThreadPriority
CreateDirectoryA
GetStartupInfoA
FindFirstFileA
GetLastError
VirtualAlloc
FindClose
LockResource
CreatePipe
GetModuleFileNameA
GetVersionExA
WinExec
CloseHandle
GetCurrentProcessId
GetTempPathA
KERNEL32.dll
OpenProcessToken
GetTokenInformation
RegSetValueExA
EqualSid
RegDeleteKeyA
AllocateAndInitializeSid
FreeSid
GetUserNameA
RegOpenKeyA
RegCloseKey
ADVAPI32.dll
ShellExecuteA
SHChangeNotify
SHELL32.dll
InternetOpenUrlA
InternetConnectA
InternetReadFile
HttpOpenRequestA
HttpSendRequestA
InternetOpenA
InternetCloseHandle
WININET.dll
GetModuleHandleW
GetProcAddress
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetStdHandle
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSectionAndSpinCount
HeapCreate
HeapReAlloc
RtlUnwind
GetConsoleCP
GetConsoleMode
SetHandleCount
GetFileType
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetEndOfFile
GetProcessHeap

abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ

abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
!!!x&9:7$$9#"3x59;
y&>9"9y
83!?;713x7%&
y ?3!&>9"9x7%&
?;713?2
32?7
38"3$x3.3
?5$9
32?7
3;&s
?5$9
32?7
>983/!3::
!!!x89$">&9:3$9#"3x59;
y&>9"9y
83!?;713x7%&
y ?3!&>9"9x7%&
?;713?2
32?7
38"3$x3.3
?5$9
32?7
3;&s
?5$9
32?7
>983/!3::
tVKCVEI
cKhMJO
cKeWI
cK`ARpKKH
GK@A
D@EPE
M@EPE
A@EPE
VAHKG
4rswuvN
4N$N
%PBL
TMJC
eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
x.7h
IWRGVP
 IEHHKG
 IAIWAP
/!WTVMJPB
 BVAA
oavjah
1&cAPiK@QHAbMHAjEIAs
0&cAPiK@QHAbMHAjEIAe
1!sMJa\AG
>%a\MPtVKGAWW
 wHAAT
@%bVAAhMFVEV]eJ@a\MPpLVAE@
wlahh
mWqWAVeJe@IMJ
wlgVAEPAmPAIbVKItEVWMJCjEIA
%wLAHHa\AGQPAa\s
gKmJMPMEHM^A
gKcAPkFNAGP
qeg`HH
tHE]sMJ
tVKCVEI
cKhMJO
cKeWI
cK`ARpKKH
GK@A
D@EPE
M@EPE
A@EPE
VAHKG
rswuvp
TMJC
eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
x.7h
IWRGVP
 IEHHKG
 IAIWAP
/!WTVMJPB
 BVAA
oavjah
1&cAPiK@QHAbMHAjEIAs
0&cAPiK@QHAbMHAjEIAe
1!sMJa\AG
>%a\MPtVKGAWW
 wHAAT
@%bVAAhMFVEV]eJ@a\MPpLVAE@
wlahh
mWqWAVeJe@IMJ
wlgVAEPAmPAIbVKItEVWMJCjEIA
%wLAHHa\AGQPAa\s
gKmJMPMEHM^A
gKcAPkFNAGP
qeg`HH
tHE]\
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>PA
060w1
1$2/2M2W2a2s2
3Z3`3l3
3#4-4>4U4a4g4q4
4(5F5X5v5
6 6(616:6C6N6S6[6j6
7-7?7E7J7k7
7P8j8
8)919\9e9m9z9
:#:o:
;&;2;
<,<?<z<
<(=E=L=
>&>;>R>[>b>h>}>
?;?M?t?
40]0
0C1m1
1<2j2
3G3o3
6$61666<6E6N6V6a6f6k6p6z6
7"7'7,777<7D7J7S7X7_7e7
8:8V8|8
9B9k9q9
:):6:=:H:b:
; ;(;1;:;S;h;
;&<O<u<{<
>">:>@>I>`>h>v>
090?0q0
141E1P1x1
2!2K2w2
3g3{3
5f5n5
6%6:6z6
7Z9a9
:':v:|:
;+;b;s;
6h6m6w6
6P7V7\7b7h7n7u7|7
8!8'8=8D8N9U9
;-<@<[<
0 2O2t2W4S6W6[6_6c6g6k6o6|6
6`7j7w7
8/8c8i8t8
9+929J9V9\9h9w9}9
:4:I:o:
<&<p<w<
=)=?=J=O=Z=_=j=o=|=
>F>^>i>
?8?]?p?
0,020U0\0u0
242]2b2y2
4!4'4
6[7a7z7
70858:8?8O8~8
9"9)9.959:9
9B:Q:`:i:~:
< ?.?4?N?S?b?k?x?
030:0@0N0U0Z0c0p0v0
5p7{7
8A8S8a8v8
9D9S9
;K;k;
<8<C<y<
=a=m=y>^?t?
2?3N3
;a<*=[=q=
0(0K0
1?1X1_1g1l1p1t1
2N2T2X2\2`2
3!3K3}3
3H4\4}4
5T5^5
6"6t6z6
7E7t7
8>8H8`8
8;:A:P:]:f:
:J;U;_;p;{;.=?=G=M=R=X=
>">Y>
?=?J?V?^?f?r?
070u0
2#444n4{4
5%5I5
586U6
6	7(7
8)8E8N8T8]8b8q8
9/:{:
<%<1<h<q<}<
0/040L0R0a0g0v0|0
191	3
3=3u3
6/7H7O7W7\7`7d7
7>8D8H8L8P8
9;9m9t9x9|9
98:Y:e:
<P=c=
1R1{1
888s8
9%9`9|9
:':g:y:
;B;J;
<&<;<B<H<^<y<
>B>y>
0"1R1
5 6-8?8Q8s8
:/;D;
;$<\<
=$=H=k=
K0R0
1:2A2
4V5\5a5g5n5
1T2X2
7(7H7h7
8$8(80848P8\8x8
9 9<9@9`9
:(:H:h:
;(;H;h;t;
2$2,242<2D2h3l3p3t3x3|3
=h=x=
=0>4>8><>@>D>H>L>P>T>X>\>`>d>h>l>p>t>x>|>