Analysis Date: 2017-07-13 16:31:44
MD5: d4df166e9c51c1385e17ffc0f85bd62b
SHA1: 7b64a73288aa0415fc49930599d46f322b61e2ae

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: b78bd31f6fb5518543831bc41247f238 sha1: dac6063848ab4386db9fb7142e5dc03847464fbf size: 109568
Section: .data md5: 0adfa7a74e182433ce5c8aef2c0e52f6 sha1: 23acd65467997fa97e02fa114d7fd9b49a3396f1 size: 10752
Section: .xcpad md5: sha1: size:
Section: .idata md5: sha1: size:
Section: .reloc md5: sha1: size:
Section: .rsrc md5: 63fb1d027d11b3c032f01d8ba6e18f12 sha1: 5b6a61d46c9c45e4ebb16c3d66ffebe80442f8b9 size: 4608
Timestamp
VersionLegalCopyright:
PackagerVersion:
InternalName:
FileVersion:
CompanyName:
Comments:
ProductName:
ProductVersion:
FileDescription:
Packager:
OriginalFilename:
Packer
PEhash
IMPhash: 5005db3125683566f2e4f789c3443ea5
AV 360 Safe: No Virus
AV Ad-Aware: Gen:Variant.Zbot.206
AV Alwil (avast): Trojan-gen
AV Alwil (avast): Win32:Trojan-gen
AV Arcabit (arcavir): Gen:Variant.Zbot.206
AV Authentium: W32/Trojan.LJOH-0849
AV Avira (antivir): No Virus
AV BitDefender: Gen:Variant.Zbot.206
AV BullGuard: Gen:Variant.Zbot.206
AV CA (E-Trust Ino): Gen:Variant.Zbot.206
AV CAT (quickheal): No Virus
AV ClamAV: Win.Trojan.Betabot-5
AV Dr. Web: Trojan.Inject1.43628
AV Emsisoft: Gen:Variant.Zbot.206
AV Eset (nod32): Win32/Kryptik.EZKB
AV F-Secure: Gen:Variant.Zbot.206
AV Fortinet: W32/Kryptik.EYOY!tr
AV Frisk (f-prot): No Virus
AV Grisoft (avg): Inject3.ASNK
AV Ikarus: Trojan.Win32.Crypt
AV K7: Trojan ( 004f12421 )
AV Kaspersky: Trojan.Win32.Generic
AV MalwareBytes: No Virus
AV Mcafee: Trojan-FIVB!D4DF166E9C51
AV MicroWorld (escan): Gen:Variant.Zbot.206
AV Microsoft Security Essentials: Worm:Win32/Dorkbot!rfn
AV NANO: Trojan.Win32.Inject1.edgbws
AV Padvish: No Virus
AV Rising: No Virus
AV SUPERAntiSpyware: Trojan.Agent/Gen-Injector
AV Symantec: No Virus
AV Trend Micro: No Virus
AV Twister: No Virus
AV VirusBlokAda (vba32): Trojan.Buzus
AV Windows Defender: Worm:Win32/Dorkbot!rfn
AV Zillya!: No Virus

Runtime Details:

Process
↳ C:\WINDOWS\system32\svchost.exe

Creates Mutex: -9caf4c3fMutex
Creates Mutex: -9caf4c3fMutex

Process
↳ C:\WINDOWS\system32\verclsid.exe

Process
↳ C:\WINDOWS\Explorer.EXE

Creates File: C:\WINDOWS\WindowsShell.Manifest
Creates File: WMIDataDevice
Creates File: C:\Documents and Settings\Admin\Local Settings\Application Data\IconCache.db
Creates File: C:\WINDOWS\System32\cscui.dll
Creates File: C:\WINDOWS\Registration\R000000000007.clb
Creates File: shadow
Creates File: C:\WINDOWS\Resources\themes\Luna\Luna.msstyles
Creates File: WMIDataDevice
Creates File: WMIDataDevice
Creates File: C:\WINDOWS\SYSTEM32\mydocs.dll
Creates File: C:\WINDOWS\system32\SHELL32.dll
Creates File: C:\WINDOWS\system32\NETSHELL.dll
Creates File: C:\WINDOWS\system32\mydocs.dll
Creates File: C:\WINDOWS\WindowsShell.Manifest
Creates File: WMIDataDevice
Creates File: WMIDataDevice
Creates File: WMIDataDevice
Creates File: Ip
Creates File: C:\WINDOWS\system32\SHELL32.dll
Creates File: C:\WINDOWS\Explorer.exe
Creates File: C:\WINDOWS\System32\shell32.dll
Creates File: C:\WINDOWS\system32\moricons.dll
Creates File: C:\WINDOWS\System32\shell32.dll
Creates File: C:\WINDOWS\system32\shell32.dll
Creates File: C:\WINDOWS\system32\shell32.dll
Creates File: C:\WINDOWS\system32\shell32.dll
Creates File: C:\Documents and Settings\Admin\Application Data\WindowsUpdate\Updater.exe
Creates File: C:\Documents and Settings\Admin\Application Data\WindowsUpdate\Updater.exe
Creates File: shadow
Creates File: HCD0
Creates File: shadow
Creates File: shadow
Creates File: shadow
Creates File: shadow
Creates File: shadow
Creates File: \Dfs
Creates Mutex
Creates Mutex: ExplorerIsShellMutex
Creates Mutex
Creates Mutex
Creates Mutex: Shell.CMruPidlList
Creates Mutex
Creates Mutex: _SHuassist.mtx
Creates Mutex: ZonesCounterMutex
Creates Mutex: ZonesCacheCounterMutex
Creates Mutex: ZonesLockedCacheCounterMutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex: -9caf4c3fMutex
Creates Mutex: -9caf4c3fMutex
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CleanShutdown ➝ 0
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{c59b1c52-4fc7-11e5-ae19-806d6172696f}\Generation ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{c59b1c54-4fc7-11e5-ae19-806d6172696f}\Generation ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c59b1c52-4fc7-11e5-ae19-806d6172696f}\BaseClass ➝ Drive\\x00
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c59b1c54-4fc7-11e5-ae19-806d6172696f}\BaseClass ➝ Drive\\x00
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Startup ➝ C:\Documents and Settings\All Users\Start Menu\Programs\Startup\\x00
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Start Menu ➝ C:\Documents and Settings\All Users\Start Menu\\x00
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Programs ➝ C:\Documents and Settings\All Users\Start Menu\Programs\\x00
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Desktop ➝ C:\Documents and Settings\All Users\Desktop\\x00
Registry: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\GeneralFlags ➝ 1
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Documents ➝ C:\Documents and Settings\All Users\Documents\\x00
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Documents and Settings\Admin\Application Data\WindowsUpdate\Updater.exe ➝ Updater\\x00
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives\Volume{c59b1c52-4fc7-11e5-ae19-806d6172696f}\Drive Type ➝ 3
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\SysTray\Services ➝ 31

Process
↳ C:\Documents and Settings\Admin\Application Data\WindowsUpdate\Updater.exe

Creates File: C:\WINDOWS\WindowsShell.Manifest
Creates Mutex: -9caf4c3fMutex

Process
↳ C:\WINDOWS\system32\svchost.exe

Creates Mutex: -9caf4c3fMutex
Creates File: WMIDataDevice
Creates File: WMIDataDevice

Process
↳ C:\WINDOWS\System32\alg.exe

Creates Mutex: -9caf4c3fMutex

Process
↳ C:\WINDOWS\system32\wuauclt.exe

Creates File: C:\WINDOWS\WindowsShell.Manifest
Creates File: C:\WINDOWS\WindowsUpdate.log
Creates File: C:\WINDOWS\Registration\R000000000007.clb
Creates File: C:\WINDOWS\SoftwareDistribution\DataStore\Logs\
Creates File: C:\WINDOWS\SoftwareDistribution\DataStore\
Creates File: C:\WINDOWS\SoftwareDistribution\
Creates File: C:\WINDOWS\
Creates File: C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.chk
Creates File: C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.chk\
Creates File: C:\WINDOWS\SoftwareDistribution\DataStore\Logs\
Creates File: C:\WINDOWS\SoftwareDistribution\DataStore\
Creates File: C:\WINDOWS\SoftwareDistribution\
Creates File: C:\WINDOWS\
Creates File: C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log
Creates File: C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log\
Creates File: C:\WINDOWS\SoftwareDistribution\DataStore\Logs\
Creates File: C:\WINDOWS\SoftwareDistribution\DataStore\
Creates File: C:\WINDOWS\SoftwareDistribution\
Creates File: C:\WINDOWS\
Creates File: C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb
Creates File: C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb
Creates File: C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb\
Creates File: C:\WINDOWS\SoftwareDistribution\DataStore\Logs\
Creates File: C:\WINDOWS\SoftwareDistribution\DataStore\
Creates File: C:\WINDOWS\SoftwareDistribution\
Creates File: C:\WINDOWS\
Creates File: C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.chk
Creates File: C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.chk\
Creates File: C:\WINDOWS\SoftwareDistribution\DataStore\Logs\
Creates File: C:\WINDOWS\SoftwareDistribution\DataStore\
Creates File: C:\WINDOWS\SoftwareDistribution\
Creates File: C:\WINDOWS\
Creates File: C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.stm\
Creates File: C:\WINDOWS\SoftwareDistribution\DataStore\
Creates File: C:\WINDOWS\SoftwareDistribution\
Creates File: C:\WINDOWS\
Creates File: C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb
Creates File: C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb\
Creates File: C:\WINDOWS\SoftwareDistribution\DataStore\
Creates File: C:\WINDOWS\SoftwareDistribution\
Creates File: C:\WINDOWS\
Registry: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT\EventMessageFile ➝ C:\WINDOWS\system32\ESENT.dll\\x00
Registry: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT\CategoryMessageFile ➝ C:\WINDOWS\system32\ESENT.dll\\x00
Registry: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT\CategoryCount ➝ 16
Registry: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT\TypesSupported ➝ 7
Creates Mutex
Creates Mutex: Global\WindowsUpdateTracingMutex
Creates Mutex: Global\WindowsUpdateTracingMutex
Creates Mutex: Global\Instance0: ESENT Performance Data Schema Version 40
Creates Mutex: -9caf4c3fMutex
Creates Mutex: -9caf4c3fMutex

Process
↳ C:\7b64a73288aa0415fc49930599d46f322b61e2ae.exe

Creates File: C:\WINDOWS\WindowsShell.Manifest
Creates File: Ip
Creates Mutex: SSLOADasdasc000900

Process
↳ C:\7b64a73288aa0415fc49930599d46f322b61e2ae.exe

Creates File: C:\WINDOWS\WindowsShell.Manifest
Creates Mutex: -9caf4c3fMutex

Process
↳ C:\WINDOWS\system32\services.exe

Creates Mutex: -9caf4c3fMutex

Process
↳ C:\WINDOWS\system32\rundll32.exe

Creates File: C:\WINDOWS\WindowsShell.Manifest
Creates File: C:\WINDOWS\system32\shdocvw.dll
Creates File: C:\WINDOWS\Registration\R000000000007.clb
Creates File: C:\Documents and Settings\Admin\My Documents
Creates File: C:\Documents and Settings\Admin\
Creates Mutex: DesktopCleanupMutex
Creates Mutex
Creates Mutex
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c59b1c54-4fc7-11e5-ae19-806d6172696f}\BaseClass ➝ Drive\\x00
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c59b1c52-4fc7-11e5-ae19-806d6172696f}\BaseClass ➝ Drive\\x00
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\CleanupWiz\Days between clean up ➝ 60

Process
↳ C:\WINDOWS\system32\svchost.exe

Creates File: C:\WINDOWS\WindowsShell.Manifest
Creates File: C:\Documents and Settings\Admin\Application Data\WindowsUpdate\Updater.exe
Creates Mutex: ZonesCounterMutex
Creates Mutex: ZonesCacheCounterMutex
Creates Mutex: ZonesLockedCacheCounterMutex
Creates Mutex: SVCHOST_MUTEX_OBJECT_RELEASED_c0009X00GOAL
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Windows Update Installer ➝ C:\Documents and Settings\Admin\Application Data\WindowsUpdate\Updater.exe\\x00
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Windows Update Installer ➝ C:\Documents and Settings\Admin\Application Data\WindowsUpdate\Updater.exe\\x00
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Startup ➝ C:\Documents and Settings\All Users\Start Menu\Programs\Startup\\x00
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Windows Update Installer ➝ C:\Documents and Settings\Admin\Application Data\WindowsUpdate\Updater.exe\\x00
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Windows Update Installer ➝ C:\Documents and Settings\Admin\Application Data\WindowsUpdate\Updater.exe\\x00
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Windows Update Installer ➝ C:\Documents and Settings\Admin\Application Data\WindowsUpdate\Updater.exe\\x00

Process
↳ C:\WINDOWS\system32\verclsid.exe

Process
↳ C:\WINDOWS\system32\winlogon.exe

Creates Mutex: -9caf4c3fMutex

Process
↳ C:\WINDOWS\system32\verclsid.exe

Process
↳ C:\WINDOWS\system32\calc.exe

Creates File: C:\WINDOWS\WindowsShell.Manifest
Creates File: C:\DOCUME~1\Admin\Local Settings\Temp\c731200
Creates Mutex: c731200
Creates Mutex: ZonesCounterMutex
Creates Mutex: ZonesCacheCounterMutex
Creates Mutex: ZonesLockedCacheCounterMutex
Creates Mutex: -9caf4c3fMutex
Creates Mutex: -9caf4c3fMutex

Process
↳ C:\WINDOWS\system32\verclsid.exe

Process
↳ C:\monitor\.exe

Creates File: C:\WINDOWS\WindowsShell.Manifest
Creates Mutex: -9caf4c3fMutex
Creates Mutex: -9caf4c3fMutex

Process
↳ C:\WINDOWS\system32\svchost.exe

Creates File: C:\WINDOWS\WindowsShell.Manifest
Creates File: C:\Documents and Settings\Admin\Application Data\WindowsUpdate\Updater.exe
Creates FileC:\Documents and Settings\Admin\Application Data\WindowsUpdate\Updater.exe
Creates FileC:\Documents and Settings\Admin\Application Data\WindowsUpdate\Updater.exe
Creates FileC:\Documents and Settings\Admin\Application Data\WindowsUpdate\Updater.exe
Creates FileC:\Documents and Settings\Admin\Application Data\WindowsUpdate\Updater.exe
Creates FileC:\Documents and Settings\Admin\Application Data\WindowsUpdate\Updater.exe
Creates FileC:\Documents and Settings\Admin\Application Data\WindowsUpdate\Updater.exe
Creates FileC:\Documents and Settings\Admin\Application Data\WindowsUpdate\Updater.exe
Creates FileC:\Documents and Settings\Admin\Application Data\WindowsUpdate\Updater.exe
Creates FileC:\Documents and Settings\Admin\Application Data\WindowsUpdate\Updater.exe
Creates FileC:\Documents and Settings\Admin\Application Data\WindowsUpdate\Updater.exe
Creates FileC:\Documents and Settings\Admin\Application Data\WindowsUpdate\Updater.exe
Creates FileC:\Documents and Settings\Admin\Application Data\WindowsUpdate\Updater.exe
Creates FileC:\Documents and Settings\Admin\Application Data\WindowsUpdate\Updater.exe
Creates FileC:\Documents and Settings\Admin\Application Data\WindowsUpdate\Updater.exe
Creates FileC:\Documents and Settings\Admin\Application Data\WindowsUpdate\Updater.exe
Creates FileC:\Documents and Settings\Admin\Application Data\WindowsUpdate\Updater.exe
Creates FileC:\Documents and Settings\Admin\Application Data\WindowsUpdate\Updater.exe
Creates FileC:\Documents and Settings\Admin\Application Data\WindowsUpdate\Updater.exe
Creates FileC:\Documents and Settings\Admin\Application Data\WindowsUpdate\Updater.exe
Creates FileC:\Documents and Settings\Admin\Application Data\WindowsUpdate\Updater.exe
Creates FileC:\Documents and Settings\Admin\Application Data\WindowsUpdate\Updater.exe
Creates FileC:\Documents and Settings\Admin\Application Data\WindowsUpdate\Updater.exe
Creates FileC:\Documents and Settings\Admin\Application Data\WindowsUpdate\Updater.exe
Creates FileC:\Documents and Settings\Admin\Application Data\WindowsUpdate\Updater.exe
Creates FileC:\Documents and Settings\Admin\Application Data\WindowsUpdate\Updater.exe
Creates FileC:\Documents and Settings\Admin\Application Data\WindowsUpdate\Updater.exe
Creates FileC:\Documents and Settings\Admin\Application Data\WindowsUpdate\Updater.exe
Creates FileC:\Documents and Settings\Admin\Application Data\WindowsUpdate\Updater.exe
Creates FileC:\Documents and Settings\Admin\Application Data\WindowsUpdate\Updater.exe
Creates FileC:\Documents and Settings\Admin\Application Data\WindowsUpdate\Updater.exe
Creates FileC:\Documents and Settings\Admin\Application Data\WindowsUpdate\Updater.exe
Creates FileC:\Documents and Settings\Admin\Application Data\WindowsUpdate\Updater.exe
Creates FileC:\Documents and Settings\Admin\Application Data\WindowsUpdate\Updater.exe
Creates FileC:\Documents and Settings\Admin\Application Data\WindowsUpdate\Updater.exe
Creates FileC:\Documents and Settings\Admin\Application Data\WindowsUpdate\Updater.exe
Creates FileC:\Documents and Settings\Admin\Application Data\WindowsUpdate\Updater.exe
Creates FileC:\Documents and Settings\Admin\Application Data\WindowsUpdate\Updater.exe
Creates MutexZonesCounterMutex
Creates MutexZonesCacheCounterMutex
Creates MutexZonesLockedCacheCounterMutex
Creates Mutex
Creates MutexSVCHOST_MUTEX_OBJECT_RELEASED_c0009X00GOAL
Creates Mutex-9caf4c3fMutex
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Windows Update Installer ➝
C:\Documents and Settings\Admin\Application Data\WindowsUpdate\Updater.exe\\x00
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c59b1c54-4fc7-11e5-ae19-806d6172696f}\BaseClass ➝
Drive\\x00
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c59b1c52-4fc7-11e5-ae19-806d6172696f}\BaseClass ➝
Drive\\x00
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Startup ➝
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\\x00
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Windows Update Installer ➝
C:\Documents and Settings\Admin\Application Data\WindowsUpdate\Updater.exe\\x00
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman ➝
C:\Documents and Settings\Admin\Application Data\WindowsUpdate\Updater.exe\\x00
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Windows Update Installer ➝
C:\Documents and Settings\Admin\Application Data\WindowsUpdate\Updater.exe\\x00
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman ➝
C:\Documents and Settings\Admin\Application Data\WindowsUpdate\Updater.exe\\x00
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Windows Update Installer ➝
C:\Documents and Settings\Admin\Application Data\WindowsUpdate\Updater.exe\\x00

Process
↳ C:\WINDOWS\system32\spoolsv.exe

Creates Mutex-9caf4c3fMutex

Process
↳ C:\Documents and Settings\Admin\Application Data\WindowsUpdate\Updater.exe

Creates FileC:\WINDOWS\WindowsShell.Manifest
Creates FileIp
Creates MutexSSLOADasdasc000900

Process
↳ C:\WINDOWS\system32\verclsid.exe

Process
↳ C:\WINDOWS\system32\svchost.exe

Creates Mutex-9caf4c3fMutex

Process
↳ C:\WINDOWS\system32\mspaint.exe

Creates FileC:\WINDOWS\WindowsShell.Manifest
Creates Filepipe\9caf4c3f_ipc
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft\Windows\themes\Fbegel.exe
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates FileC:\Documents and Settings\Admin\Cookies\index.dat
Creates FileC:\Documents and Settings\Admin\Local Settings\History\History.IE5\index.dat
Creates FileD:
Creates Filec:\autoexec.bat
Creates FileC:\DOCUME~1\Admin\Local Settings\Temp\ebb5_appcompat.txt
Creates Filepipe\9caf4c3f_ipc
Creates FileC:\WINDOWS\system32\advapi32.dll
Creates FileC:\WINDOWS\system32\gdi32.dll
Creates FileC:\WINDOWS\system32\kernel32.dll
Creates FileC:\WINDOWS\system32\ntdll.dll
Creates FileC:\WINDOWS\system32\ole32.dll
Creates FileC:\WINDOWS\system32\oleaut32.dll
Creates FileC:\WINDOWS\system32\shell32.dll
Creates FileC:\WINDOWS\system32\user32.dll
Creates FileC:\WINDOWS\system32\wininet.dll
Creates FileC:\WINDOWS\system32\winsock.dll
Creates Mutex-9caf4c3fMutex
Creates MutexFvLQ49I\\x7f\\xe2\\x80\\xba\\xc2\\xac{Ljj6m
Creates Mutexc:!documents and settings!admin!local settings!temporary internet files!content.ie5!
Creates Mutexc:!documents and settings!admin!cookies!
Creates Mutexc:!documents and settings!admin!local settings!history!history.ie5!
Creates MutexWininetConnectionMutex
Creates Mutex
Creates MutexRasPbFile
Creates Mutex
Creates MutexZonesCounterMutex
Creates MutexZonesCacheCounterMutex
Creates MutexZonesLockedCacheCounterMutex
Creates Mutex-9caf4c3fMutex
Creates Mutex
Creates MutexFvLQ49I\\x7f\\xe2\\x80\\xba\\xc2\\xac{Ljj6m
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Fbegel ➝
C:\Documents and Settings\Admin\Application Data\Microsoft\Windows\themes\Fbegel.exe\\x00
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Directory ➝
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\\x00
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Paths ➝
4
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1\CachePath ➝
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\Cache1\\x00
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2\CachePath ➝
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\Cache2\\x00
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3\CachePath ➝
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\Cache3\\x00
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4\CachePath ➝
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\Cache4\\x00
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1\CacheLimit ➝
81830
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2\CacheLimit ➝
81830
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3\CacheLimit ➝
81830
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4\CacheLimit ➝
81830
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common AppData ➝
C:\Documents and Settings\All Users\Application Data\\x00
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MigrateProxy ➝
1
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable ➝
0
RegistryHKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝
0
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝
1
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName ➝
1
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet ➝
1

Process
↳ Pid 1416

Process
↳ C:\WINDOWS\System32\svchost.exe

Creates FileC:\WINDOWS\system32\WBEM\Repository\$WinMgmt.CFG
Creates Filec:\autoexec.bat
Creates FileC:\WINDOWS\system32\SENS.DLL
Creates MutexRasPbFile
Creates Mutex
Creates Mutex-9caf4c3fMutex

Network Details:



Strings
LC_TIME
LC_NUMERIC
LC_MONETARY
LC_CTYPE
LC_COLLATE
LC_ALL
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
(null)
( 8PX
700WP
`h````
xpxxxx
EncodePointer
KERNEL32.DLL
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
July
June
April
March
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
CorExitProcess
mscoree.dll
united-states
united-kingdom
trinidad & tobago
south-korea
south-africa
south korea
south africa
slovak
puerto-rico
pr-china
pr china
new-zealand
hong-kong
holland
great britain
england
czech
china
britain
america
swiss
swedish-finland
spanish-venezuela
spanish-uruguay
spanish-puerto rico
spanish-peru
spanish-paraguay
spanish-panama
spanish-nicaragua
spanish-modern
spanish-mexican
spanish-honduras
spanish-guatemala
spanish-el salvador
spanish-ecuador
spanish-dominican republic
spanish-costa rica
spanish-colombia
spanish-chile
spanish-bolivia
spanish-argentina
portuguese-brazilian
norwegian-nynorsk
norwegian-bokmal
norwegian
italian-swiss
irish-english
german-swiss
german-luxembourg
german-lichtenstein
german-austrian
french-swiss
french-luxembourg
french-canadian
french-belgian
english-usa
english-us
english-uk
english-trinidad y tobago
english-south africa
english-nz
english-jamaica
english-ire
english-caribbean
english-can
english-belize
english-aus
english-american
dutch-belgian
chinese-traditional
chinese-singapore
chinese-simplified
chinese-hongkong
chinese
canadian
belgian
australian
american-english
american english
american
Norwegian-Nynorsk
runtime error
TLOSS error
SING error
DOMAIN error
R6034
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
R6033
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
R6032
- not enough space for locale information
R6031
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
R6030
- CRT not initialized
R6028
- unable to initialize heap
R6027
- not enough space for lowio initialization
R6026
- not enough space for stdio initialization
R6025
- pure virtual function call
R6024
- not enough space for _onexit/atexit table
R6019
- unable to open console device
R6018
- unexpected heap error
R6017
- unexpected multithread lock error
R6016
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
R6009
- not enough space for environment
R6008
- not enough space for arguments
R6002
- floating point not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program:
InitializeCriticalSectionAndSpinCount
kernel32.dll
('8PW
700PP
`h`hhh
xppwpp
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
CONOUT$
GetMenuBarInfo
GetAsyncKeyState
GetClipboardViewer
GetMenuItemCount
InSendMessageEx
GetAltTabInfoA
AllowSetForegroundWindow
GetWindowTextLengthA
GetUserObjectInformationW
GetCursor
GetClipCursor
GetTitleBarInfo
DrawIconEx
VkKeyScanW
RedrawWindow
GetCapture
USER32.dll
RequestWakeupLatency
EscapeCommFunction
LockResource
CreateTimerQueue
GetTapeParameters
GetLastError
HeapReAlloc
HeapAlloc
InterlockedIncrement
InterlockedDecrement
GetCommandLineA
HeapFree
GetVersionExA
GetProcessHeap
GetStartupInfoA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetCPInfo
ExitProcess
GetACP
GetOEMCP
Sleep
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSection
RtlUnwind
LCMapStringA
LCMapStringW
LoadLibraryA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ReadFile
SetFilePointer
GetLocaleInfoW
HeapSize
CloseHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
KERNEL32.dll

Local Currency Symbol: %s
International Currency Symbol: %s
Enter your family name:
%79s
Enter your age:
Mr. %s , %d years old.
Enter a hexadecimal number:
You have entered %#x (%d).
PA<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
    <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
      <application>

        <supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS>

        <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS>
  </application>
  </compatibility>
    <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
      <security>
        <requestedPrivileges>
          <requestedExecutionLevel level="asInvoker"></requestedExecutionLevel>
        </requestedPrivileges>
      </security>
    </trustInfo>
  </assembly>PPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX