Analysis Date: 2017-07-14 23:35:29
MD5: f44a747b9869376a016a032d587031e4
SHA1: e4dd8a8ac8a941c6880fc3195a488eb362359b81

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text md5: 791799c54171a5ebfbf278a4f374a193 sha1: 5db23bfcf3c863d5a8eec76d0673bbf559effeec size: 2560
Section .data md5: d447e459653b50488035fa0eeb73205e sha1: 247a07d59dfdeacbc7632ff820aeb5d980df6839 size: 512
Section .xcpad md5: sha1: size:
Section .idata md5: 41e0574f20f21f653aa920261dd7710c sha1: 63a97f03e700c27b1faeb452a2c26c9a4e22c0f2 size: 1536
Section .reloc md5: sha1: size:
Section .rsrc md5: 3a5ce84acf065afa8eb57ef1e71c0c7b sha1: adb7311758780baa7404f91a4a32e4f346138407 size: 7680
Timestamp
VersionLegalCopyright:
PackagerVersion:
InternalName:
FileVersion:
CompanyName:
Comments:
ProductName:
ProductVersion:
FileDescription:
Packager:
OriginalFilename:
Packer
PEhash
IMPhash: 2882965f02737a1b501e426c9c6b57a3
AV 360 Safe: No Virus
AV Ad-Aware: Trojan.GenericKD.1416345
AV Alwil (avast): Crypt-QFY [Trj]
AV Arcabit (arcavir): Trojan.GenericKD.1416345
AV Authentium: W32/Trojan.RULM-9121
AV Avira (antivir): TR/Rogue.AI.11221
AV BitDefender: Trojan.GenericKD.1416345
AV BullGuard: Trojan.GenericKD.1416345
AV CA (E-Trust Ino): Trojan.GenericKD.1416345
AV CAT (quickheal): TrojanDownloader.Upatre.A5
AV ClamAV: Win.Trojan.Agent-1123801
AV Dr. Web: Trojan.DownLoad3.28161
AV Emsisoft: Trojan.GenericKD.1416345
AV Eset (nod32): Win32/TrojanDownloader.Waski.A
AV F-Secure: Trojan.GenericKD.1416345
AV Fortinet: W32/Zbot.HFQ!tr
AV Frisk (f-prot): W32/Trojan3.GPA
AV Grisoft (avg): Crypt2.BXXF
AV Ikarus: Trojan-Spy.Win32.Zbot
AV K7: Trojan-Downloader ( 0040f6bd1 )
AV Kaspersky: Trojan-Downloader.Win32.Agent.hdsz
AV MalwareBytes: Trojan.FakeMS.ED
AV Mcafee: PWSZbot-FMO!F44A747B9869
AV MicroWorld (escan): Trojan.GenericKD.1416345
AV Microsoft Security Essentials: No Virus
AV NANO: Trojan.Win32.Agent.cqixup
AV Padvish: No Virus
AV Rising: No Virus
AV SUPERAntiSpyware: Trojan.Agent/Gen-Clicker
AV Symantec: Downloader
AV Trend Micro: TROJ_UPATRE.SMJ8
AV Twister: TrojanDldr.Waski.A.rmgu
AV VirusBlokAda (vba32): TrojanDownloader.Agent
AV Windows Defender: TrojanDownloader:Win32/Upatre
AV Zillya!: Downloader.Agent.Win32.182483

Runtime Details:

Process
↳ C:\DOCUME~1\Admin\Local Settings\Temp\budha.exe

Creates Mutex
Creates Mutex: RasPbFile
Creates Mutex: ZonesCounterMutex
Creates Mutex: ZonesCacheCounterMutex
Creates Mutex: ZonesLockedCacheCounterMutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates File: c:\autoexec.bat
Creates File: c:\autoexec.bat
Creates File: C:\WINDOWS\system32\dssenh.dll
Creates File: C:\WINDOWS\system32\dssenh.dll
Creates File: c:\autoexec.bat
Creates File: c:\autoexec.bat
Creates File: C:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates File: C:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates File: c:\autoexec.bat
Creates File: C:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates File: C:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates File: C:\DOCUME~1\Admin\Local Settings\Temp\Cab1.tmp
Creates File: C:\DOCUME~1\Admin\Local Settings\Temp\Tar2.tmp
Creates File: C:\DOCUME~1\Admin\Local Settings\Temp\Cab1.tmp
Creates File: C:\DOCUME~1\Admin\Local Settings\Temp\Cab1.tmp
Creates File: C:\DOCUME~1\Admin\Local Settings\Temp\Cab1.tmp
Creates File: c:\autoexec.bat
Creates File: C:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates File: C:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates File: c:\autoexec.bat
Creates File: C:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates File: C:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates File: C:\DOCUME~1\Admin\Local Settings\Temp\Cab3.tmp
Creates File: C:\DOCUME~1\Admin\Local Settings\Temp\Tar4.tmp
Creates File: C:\DOCUME~1\Admin\Local Settings\Temp\Cab3.tmp
Creates File: C:\DOCUME~1\Admin\Local Settings\Temp\Cab3.tmp
Creates File: C:\DOCUME~1\Admin\Local Settings\Temp\Cab3.tmp
Creates File: C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\ajax[1].htm
Creates File: c:\autoexec.bat
Creates File: C:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates File: C:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates File: c:\autoexec.bat
Creates File: C:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates File: C:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates File: C:\DOCUME~1\Admin\Local Settings\Temp\Cab5.tmp
Creates File: C:\DOCUME~1\Admin\Local Settings\Temp\Tar6.tmp
Creates File: C:\DOCUME~1\Admin\Local Settings\Temp\Cab5.tmp
Creates File: C:\DOCUME~1\Admin\Local Settings\Temp\Cab5.tmp
Creates File: C:\DOCUME~1\Admin\Local Settings\Temp\Cab5.tmp
Creates File: c:\autoexec.bat
Creates File: C:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates File: C:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates File: c:\autoexec.bat
Creates File: C:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates File: C:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates File: C:\DOCUME~1\Admin\Local Settings\Temp\Cab7.tmp
Creates File: C:\DOCUME~1\Admin\Local Settings\Temp\Tar8.tmp
Creates File: C:\DOCUME~1\Admin\Local Settings\Temp\Cab7.tmp
Creates File: C:\DOCUME~1\Admin\Local Settings\Temp\Cab7.tmp
Creates File: C:\DOCUME~1\Admin\Local Settings\Temp\Cab7.tmp
Creates File: C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\filter[1].htm
Creates File: c:\autoexec.bat
Creates File: C:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates File: C:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates File: c:\autoexec.bat
Creates File: C:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates File: C:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates File: C:\DOCUME~1\Admin\Local Settings\Temp\Cab9.tmp
Creates File: C:\DOCUME~1\Admin\Local Settings\Temp\TarA.tmp
Creates File: C:\DOCUME~1\Admin\Local Settings\Temp\Cab9.tmp
Creates File: C:\DOCUME~1\Admin\Local Settings\Temp\Cab9.tmp
Creates File: C:\DOCUME~1\Admin\Local Settings\Temp\Cab9.tmp
Creates File: c:\autoexec.bat
Creates File: C:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates File: C:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates File: c:\autoexec.bat
Creates File: C:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates File: C:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates File: C:\DOCUME~1\Admin\Local Settings\Temp\CabB.tmp
Creates File: C:\DOCUME~1\Admin\Local Settings\Temp\TarC.tmp
Creates File: C:\DOCUME~1\Admin\Local Settings\Temp\CabB.tmp
Creates File: C:\DOCUME~1\Admin\Local Settings\Temp\CabB.tmp
Creates File: C:\DOCUME~1\Admin\Local Settings\Temp\CabB.tmp
Creates File: C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\ajax[2].htm
Creates File: c:\autoexec.bat
Creates File: C:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates File: C:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates File: c:\autoexec.bat
Creates File: C:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates File: C:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates File: C:\DOCUME~1\Admin\Local Settings\Temp\CabD.tmp
Creates File: C:\DOCUME~1\Admin\Local Settings\Temp\TarE.tmp
Creates File: C:\DOCUME~1\Admin\Local Settings\Temp\CabD.tmp
Creates File: C:\DOCUME~1\Admin\Local Settings\Temp\CabD.tmp
Creates File: C:\DOCUME~1\Admin\Local Settings\Temp\CabD.tmp
Creates File: c:\autoexec.bat
Creates File: C:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates File: C:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Creates File: c:\autoexec.bat
Creates File: C:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Creates File: C:\Documents and Settings\Admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Creates File: C:\DOCUME~1\Admin\Local Settings\Temp\CabF.tmp
Creates File: C:\DOCUME~1\Admin\Local Settings\Temp\Tar10.tmp
Creates File: C:\DOCUME~1\Admin\Local Settings\Temp\CabF.tmp
Creates File: C:\DOCUME~1\Admin\Local Settings\Temp\CabF.tmp
Creates File: C:\DOCUME~1\Admin\Local Settings\Temp\CabF.tmp
Creates File: C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LOIKNI02\filter[2].htm
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common AppData ➝ C:\Documents and Settings\All Users\Application Data\\x00
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MigrateProxy ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable ➝ 0
Registry: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ 0
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet ➝ 1

Process
↳ Pid 1284

Process
↳ C:\e4dd8a8ac8a941c6880fc3195a488eb362359b81.exe

Creates File: mciwave.dll
Creates File: C:\WINDOWS\WindowsShell.Manifest
Creates File: C:\e4dd8a8ac8a941c6880fc3195a488eb362359b81.exe
Creates File: C:\DOCUME~1\Admin\Local Settings\Temp\budha.exe
Creates File: C:\WINDOWS\Registration\R000000000007.clb
Creates File: C:\DOCUME~1\Admin\Local Settings\Temp\budha.exe
Creates File: C:\DOCUME~1\Admin\Local Settings\Temp\budha.exe
Creates Mutex
Creates Mutex: ZonesCounterMutex
Creates Mutex: ZonesCacheCounterMutex
Creates Mutex: ZonesLockedCacheCounterMutex
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\BaseClass ➝ Drive\\x00
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\BaseClass ➝ Drive\\x00
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Documents ➝ C:\Documents and Settings\All Users\Documents\\x00
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Desktop ➝ C:\Documents and Settings\All Users\Desktop\\x00
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\Admin\Local Settings\Temp\budha.exe ➝ budha\\x00

Process
↳ C:\WINDOWS\Explorer.EXE

Creates File: C:\WINDOWS\WindowsShell.Manifest
Creates File: WMIDataDevice
Creates File: C:\Documents and Settings\Admin\Local Settings\Application Data\IconCache.db
Creates File: C:\WINDOWS\System32\cscui.dll
Creates File: C:\WINDOWS\Registration\R000000000007.clb
Creates File: shadow
Creates File: C:\WINDOWS\Resources\themes\Luna\Luna.msstyles
Creates File: WMIDataDevice
Creates File: WMIDataDevice
Creates File: WMIDataDevice
Creates File: C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Creates File: C:\WINDOWS\SYSTEM32\mydocs.dll
Creates File: C:\WINDOWS\system32\NETSHELL.dll
Creates File: C:\WINDOWS\system32\SHELL32.dll
Creates File: C:\WINDOWS\system32\mydocs.dll
Creates File: C:\WINDOWS\WindowsShell.Manifest
Creates File: WMIDataDevice
Creates File: WMIDataDevice
Creates File: Ip
Creates File: C:\WINDOWS\system32\SHELL32.dll
Creates File: C:\WINDOWS\Explorer.exe
Creates File: C:\WINDOWS\System32\shell32.dll
Creates File: C:\WINDOWS\system32\moricons.dll
Creates File: C:\WINDOWS\System32\shell32.dll
Creates File: C:\WINDOWS\system32\shell32.dll
Creates File: C:\WINDOWS\system32\shell32.dll
Creates File: C:\WINDOWS\system32\shell32.dll
Creates File: shadow
Creates File: shadow
Creates File: HCD0
Creates File: shadow
Creates File: shadow
Creates File: shadow
Creates File: shadow
Creates File: shadow
Creates Mutex
Creates Mutex: ExplorerIsShellMutex
Creates Mutex
Creates Mutex
Creates Mutex: Shell.CMruPidlList
Creates Mutex
Creates Mutex: _SHuassist.mtx
Creates Mutex: ZonesCounterMutex
Creates Mutex: ZonesCacheCounterMutex
Creates Mutex: ZonesLockedCacheCounterMutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CleanShutdown ➝ 0
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{c59b1c52-4fc7-11e5-ae19-806d6172696f}\Generation ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{c59b1c54-4fc7-11e5-ae19-806d6172696f}\Generation ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c59b1c52-4fc7-11e5-ae19-806d6172696f}\BaseClass ➝ Drive\\x00
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c59b1c54-4fc7-11e5-ae19-806d6172696f}\BaseClass ➝ Drive\\x00
Registry: HKEY_CURRENT_USER\SessionInformation\ProgramCount ➝ 1
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Startup ➝ C:\Documents and Settings\All Users\Start Menu\Programs\Startup\\x00
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Start Menu ➝ C:\Documents and Settings\All Users\Start Menu\\x00
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Programs ➝ C:\Documents and Settings\All Users\Start Menu\Programs\\x00
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Desktop ➝ C:\Documents and Settings\All Users\Desktop\\x00
Registry: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\GeneralFlags ➝ 1
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Documents ➝ C:\Documents and Settings\All Users\Documents\\x00
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives\Volume{c59b1c52-4fc7-11e5-ae19-806d6172696f}\Drive Type ➝ 3
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\SysTray\Services ➝ 31

Network Details:


Strings
CreateWindowExA
LoadCursorA
TranslateMessage
set waveaudio door open
LoadLibraryExA
user32.dll
mciSendStringA
Winmm.dll
user32.dll
GDI32.dll
Msacm32.dll
ADVAPI32.dll
IMM32.dll
kernel32.dll
GetModuleHandleA
GetProcAddress
HeapCreate
HeapAlloc
ExitProcess
FreeLibrary
GetMessageA
DefWindowProcA
PostQuitMessage
GetForegroundWindow
SetForegroundWindow
GetDoubleClickTime
GetQueueStatus
LoadIconA
RegisterClassA
RegQueryValueExA
RegOpenKeyA
GetUserNameA
CopySid
GetLengthSid
IntersectClipRect
ExcludeClipRect
UpdateColors
GetTextExtentPoint32A
CreateCompatibleDC
DeleteObject
TextOutA
SetBkColor
SetTextColor
Rectangle
CreateSolidBrush
GetStockObject
CreateFontIndirectA
GetTextExtentExPointA
GetTextMetricsA
CreateFontA
RealizePalette
ImmGetCompositionStringW
ImmSetCompositionFontA
ImmGetContext
ImmSetCompositionWindow
acmStreamOpen
acmDriverPriority
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>