Analysis Date: 2016-02-11 06:44:35
MD5: a1dd0dd44c6ae60579259fc68d0f6a65
SHA1: a3b8ada4352c3251c721cd644dfdbc78667f1492

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .coat md5: 94e2f96f7a025201723af30a54119207 sha1: b83c17595631780eaf366681f8daa3920d5df160 size: 4608
Section .cbbl md5: d05020bfa70947e77fb86fb9159edd6a sha1: f840b1a32677ca73192b98d89897693f8ebfbf28 size: 141824
Section .rdata md5: 0e62ede07b7f1185956ff9cbba33736b sha1: 945c19fce2cd944d47acb6a3a6f804e4216a6e33 size: 58880
Section .data md5: 5990499cb98deab1a0c9bdc6c1836620 sha1: 95bfcfd99ab6661a2cc0dd4dc9891e2b125798d0 size: 37376
Section .rsrc md5: c1e9737d5e0bca0d8daa87c32fb9b69f sha1: 5c9839dba330a83af2fcc4fa466d813569b41634 size: 188928
Timestamp: 2016-02-09 00:59:31
Packer: Microsoft Visual C++ ?.?
PEhash: 365110ebe5c6985542d44e676e75df58e9cbc4ac
IMPhash: bd2a8f9ba380f160b10d2209983a6ae7
AV CA (E-Trust Ino): Gen:Variant.Midie.7265
AV F-Secure: Gen:Variant.Midie.7265
AV Dr. Web: Trojan.Inject1.56622
AV ClamAV: Win.Trojan.Agent-975646
AV Arcabit (arcavir): Gen:Variant.Midie.7265
AV BullGuard: No Virus
AV CAT (quickheal): No Virus
AV VirusBlokAda (vba32): No Virus
AV Trend Micro: No Virus
AV Kaspersky: Trojan-Ransom.Win32.Bitman.idu
AV Zillya!: No Virus
AV Ikarus: Trojan.Win32.Crypt
AV Frisk (f-prot): No Virus
AV Emsisoft: Gen:Variant.Midie.7265
AV Authentium: W32/Rovnix.C.gen!Eldorado
AV MalwareBytes: Trojan.MalPack.PK
AV MicroWorld (escan): Gen:Variant.Midie.7265
AV Microsoft Security Essentials: Trojan:Win32/Dynamer!ac
AV K7: Trojan ( 004ddca71 )
AV BitDefender: Gen:Variant.Midie.7265
AV Fortinet: W32/Kryptik.ENJD!tr
AV Symantec: Trojan.Cryptlock.N!g2
AV Grisoft (avg): Generic37.ALQD
AV Eset (nod32): Win32/Kryptik.ENJD
AV Alwil (avast): No Virus
AV Rising: No Virus
AV Ad-Aware: Gen:Variant.Midie.7265
AV Twister: No Virus
AV Avira (antivir): TR/Crypt.Xpack.445782
AV Mcafee: BackDoor-FDCH!A1DD0DD44C6A

Runtime Details:

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\Application Data\hbhhgun.exe
Creates Process: C:\Documents and Settings\Administrator\Application Data\hbhhgun.exe
Creates Process: C:\WINDOWS\system32\cmd.exe /c DEL C:\A3B8AD~1.EXE

Process
↳ C:\WINDOWS\system32\cmd.exe /c DEL C:\A3B8AD~1.EXE

Process
↳ C:\Documents and Settings\Administrator\Application Data\hbhhgun.exe

Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\dsfgsdf-67897869 ➝ C:\Documents and Settings\Administrator\Application Data\hbhhgun.exe\\x00
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLinkedConnections ➝ 1
Registry: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\dsfgsdf-67897869 ➝ C:\Documents and Settings\Administrator\Application Data\hbhhgun.exe\\x00
Registry: HKEY_CURRENT_USER\Software\xxxsys\ID ➝ NULL
Registry: HKEY_CURRENT_USER\Software\7E5CFB687B19A2D5\data ➝ NULL
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\WERfd9e.dir00\HELP_RECOVER_instructions+nyb.html
Creates FileC:\Documents and Settings\Administrator\HELP_RECOVER_instructions+nyb.html
Creates FileC:\Documents and Settings\Administrator\NetHood\shared on Samba 3.6.9-151.el6 (192.168.1.1)\HELP_RECOVER_instructions+nyb.html
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\Credentials\HELP_RECOVER_instructions+nyb.html
Creates FileC:\Documents and Settings\Administrator\Application Data\AdobeUM\HELP_RECOVER_instructions+nyb.html
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\Certificates\HELP_RECOVER_instructions+nyb.png
Creates FileC:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\0019E545\HELP_RECOVER_instructions+nyb.txt
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\7.0\Security\HELP_RECOVER_instructions+nyb.txt
Creates FileC:\Documents and Settings\Administrator\PrintHood\HELP_RECOVER_instructions+nyb.txt
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Color\HELP_RECOVER_instructions+nyb.png
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\WERfd9e.dir00\appcompat.txt
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\HELP_RECOVER_instructions+nyb.txt
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\can\HELP_RECOVER_instructions+nyb.png
Creates FileC:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Sunset.jpg
Creates FileC:\Documents and Settings\Administrator\Templates\excel.xls
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\HELP_RECOVER_instructions+nyb.png
Creates FileC:\Documents and Settings\Administrator\Templates\powerpnt.ppt
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\MMC\HELP_RECOVER_instructions+nyb.html
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Acrobat\9.0\Cache\HELP_RECOVER_instructions+nyb.html
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\HELP_RECOVER_instructions+nyb.html
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Updater6\HELP_RECOVER_instructions+nyb.txt
Creates FileC:\Documents and Settings\Administrator\Application Data\Identities\HELP_RECOVER_instructions+nyb.html
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\HELP_RECOVER_instructions+nyb.png
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\7.0\Preferences\HELP_RECOVER_instructions+nyb.html
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\HELP_RECOVER_instructions+nyb.png
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\HELP_RECOVER_instructions+nyb.txt
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\Certificates\HELP_RECOVER_instructions+nyb.html
Creates FileC:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Entertainment\HELP_RECOVER_instructions+nyb.txt
Creates FileC:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\HELP_RECOVER_instructions+nyb.txt
Creates FileC:\Documents and Settings\All Users\Documents\My Music\HELP_RECOVER_instructions+nyb.txt
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Color\HELP_RECOVER_instructions+nyb.txt
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\HELP_RECOVER_instructions+nyb.html
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\dd_netfx20MSI3716.txt
Creates FileC:\Documents and Settings\All Users\DRM\HELP_RECOVER_instructions+nyb.png
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\JavaScripts\HELP_RECOVER_instructions+nyb.txt
Creates FileC:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\HELP_RECOVER_instructions+nyb.html
Creates FileC:\Documents and Settings\Administrator\Templates\quattro.wb2
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\CryptnetUrlCache\HELP_RECOVER_instructions+nyb.txt
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\MMC\HELP_RECOVER_instructions+nyb.png
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\HELP_RECOVER_instructions+nyb.png
Creates FileC:\Documents and Settings\All Users\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\Certificates\HELP_RECOVER_instructions+nyb.txt
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\HELP_RECOVER_instructions+nyb.png
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Acrobat\9.0\Cache\HELP_RECOVER_instructions+nyb.txt
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\CryptnetUrlCache\HELP_RECOVER_instructions+nyb.png
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CTLs\HELP_RECOVER_instructions+nyb.txt
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\HELP_RECOVER_instructions+nyb.txt
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\HELP_RECOVER_instructions+nyb.png
Creates FileC:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\HELP_RECOVER_instructions+nyb.html
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\TypeSupport\HELP_RECOVER_instructions+nyb.html
Creates FileC:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\0019E545\HELP_RECOVER_instructions+nyb.png
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\brt\HELP_RECOVER_instructions+nyb.html
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\HELP_RECOVER_instructions+nyb.html
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\Credentials\S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-500\HELP_RECOVER_instructions+nyb.png
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\Themes\HELP_RECOVER_instructions+nyb.html
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\7.0\Preferences\HELP_RECOVER_instructions+nyb.png
Creates FileC:\Documents and Settings\Administrator\Favorites\Links\HELP_RECOVER_instructions+nyb.txt
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Reader 9.3\Setup Files\HELP_RECOVER_instructions+nyb.html
Creates FileC:\Documents and Settings\Administrator\Start Menu\Programs\Startup\HELP_RECOVER_instructions+nyb.txt
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\HELP_RECOVER_instructions+nyb.txt
Creates File: PIPE\srvsvc
Creates Process: bcdedit.exe /set {current} recoveryenabled off
Creates Process: vssadmin.exe delete shadows /all /Quiet
Creates Mutex: __sys_234238233295

Process
↳ bcdedit.exe /set {current} recoveryenabled off

Process
↳ vssadmin.exe delete shadows /all /Quiet

Creates File: PIPE\lsarpc

Network Details:

DNS: hnb.net
Type: A
222.165.133.242
DNS: firecheerleaders.fr
Type: A
213.186.33.171
DNS: ladiesdehaan.be
Type: A
62.210.92.9
DNS: chonburicoop.net
Type: A
27.254.96.151
DNS: passlift.com
Type: A
217.116.196.239
DNS: actionpourisrael.com
Type: A
213.186.33.4
HTTP POST: http://hnb.net/templates/assets/email_tmpl/uploads/mzsys.php
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko
HTTP POST: http://firecheerleaders.fr/modules/mod_cmscore/mzsys.php
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko
HTTP POST: http://ladiesdehaan.be/modules/mod_cmscore/mzsys.php
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko
HTTP POST: http://chonburicoop.net/tmp/mzsys.php
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko
HTTP POST: http://passlift.com/templates/sj_icenter/html/mod_k2_content/Default/mzsys.php
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko
HTTP POST: http://actionpourisrael.com/modules/mod_speedup/mzsys.php
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko
Flows TCP: 192.168.1.1:1031 ➝ 222.165.133.242:80
Flows TCP: 192.168.1.1:1032 ➝ 213.186.33.171:80
Flows TCP: 192.168.1.1:1033 ➝ 62.210.92.9:80
Flows TCP: 192.168.1.1:1034 ➝ 27.254.96.151:80
Flows TCP: 192.168.1.1:1035 ➝ 217.116.196.239:80
Flows TCP: 192.168.1.1:1036 ➝ 213.186.33.4:80

Strings