Analysis Date: 2015-09-06 01:34:58
MD5: 5ecf4429bea90424e9ce17bc35590232
SHA1: fbedc5aa843332e582050680bdfd0dec09b612bb

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: eba1289852e36fe740eb03ce480a738f, sha1: a7e7a0bc332c7f576e169a63921037159f666a43, size: 12288
Section .data: md5: d41d8cd98f00b204e9800998ecf8427e, sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709, size: 0
Section .rsrc: md5: dee69447b57373ecd67a6ac2153ba536, sha1: 41d5f30568f46b6a339fe0d599c9ef241e6d91e9, size: 4096
Timestamp: 2008-05-23 01:17:07
Packer: Microsoft Visual Basic v5.0
PEhash: 40fba7deeefebbdc63ce93411b25679cbce5e293
IMPhash: 96e57d09efd03a48c83f1349e435734e
AV Rising: Trojan.Agent!5630
AV Mcafee: W32/Autorun.worm.fb
AV Avira (antivir): TR/VB.dbi
AV Twister: Trojan.DAA5B433F31BA52B
AV Ad-Aware: Gen:Trojan.Heur.bmX@s1ArQPcaf
AV Alwil (avast): GenMalicious-HRY [Trj]
AV Eset (nod32): Win32/AutoRun.VB.AMP worm
AV Grisoft (avg): Generic10.AUGU
AV Symantec: Trojan Horse
AV Fortinet: W32/VB.AKYK!tr
AV BitDefender: Gen:Trojan.Heur.bmX@s1ArQPcaf
AV K7: Riskware ( 0040eff71 )
AV Microsoft Security Essentials: no_virus
AV MicroWorld (escan): Gen:Trojan.Heur.bmX@s1ArQPcaf
AV MalwareBytes: no_virus
AV Authentium: W32/Trojan.YEBW-4863
AV Frisk (f-prot): W32/Trojan2.FYIY
AV Ikarus: Trojan.Win32.VB
AV Emsisoft: Gen:Trojan.Heur.bmX@s1ArQPcaf
AV Zillya!: Backdoor.CPEX.Win32.27772
AV Kaspersky: Trojan.Win32.Fsysna.akyk
AV Trend Micro: TROJ_VB.IXR
AV CAT (quickheal): Worm.Autorun.NC3
AV VirusBlokAda (vba32): Trojan.VB
AV Padvish: Malware.Trojan.VB-4603
AV BullGuard: Gen:Trojan.Heur.bmX@s1ArQPcaf
AV Arcabit (arcavir): Gen:Trojan.Heur.bmX@s1ArQPcaf
AV ClamAV: Trojan.VB-4603
AV Dr. Web: Win32.HLLP.Reverse.1
AV F-Secure: Gen:Trojan.Heur.bmX@s1ArQPcaf
AV CA (E-Trust Ino): Win32/Pcclient.FZ

Runtime Details:

Process
↳ C:\malware.exe

Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Color\ACECache4.lst
Creates FileC:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Notepad.lnk
Creates FileC:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Msvbvm60.dll
Creates FileC:\Documents and Settings\Administrator\My Documents\My Pictures\Sample Pictures.lnk
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Creates FileC:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\desktop.ini
Creates FileC:\Documents and Settings\Default User\Start Menu\Programs\Windows Media Player.lnk
Creates FileC:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Entertainment\Sound Recorder.lnk
Creates FileC:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Component Services.lnk
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Reader 9.3\Setup Files\Reader9\AdbeRdrUpd934_all_incr.msp
Creates FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp
Creates FileC:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\Network Connections.lnk
Creates FileC:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\Wireless Network Setup Wizard.lnk
Creates FileC:\Documents and Settings\Administrator\SendTo\Compressed (zipped) Folder.ZFSendToTarget
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\desktop.ini
Creates FileC:\AUTOEXEC.BAT
Creates FileC:\Documents and Settings\NetworkService\Local Settings\desktop.ini
Creates FileC:\Documents and Settings\Default User\Templates\powerpnt.ppt
Creates FileC:\Documents and Settings\Default User\Local Settings\desktop.ini
Creates FileC:\Documents and Settings\Administrator\Start Menu\Programs\desktop.ini
Creates FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp
Creates FileC:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk
Creates FileC:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\desktop.ini
Creates FileC:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates FileC:\Documents and Settings\Administrator\My Documents\desktop.ini
Creates FileC:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\System Information.lnk
Creates FileC:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
Creates FileC:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\desktop.ini
Creates FileC:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\0019E545\Plylst8.wpl
Creates FileC:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Security Center.lnk
Creates FileC:\Program Files\Adobe\Acrobat 7.0\Reader\Acrofx32.dll
Creates FileC:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\New Connection Wizard.lnk
Creates FileC:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Activate Windows.lnk
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\IMJP8_1\imjp81u.dic
Creates FileC:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Program Compatibility Wizard.lnk
Creates FileC:\Documents and Settings\Default User\Start Menu\Programs\Remote Assistance.lnk
Creates FileC:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
Creates FileC:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Entertainment\Volume Control.lnk
Creates FileC:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\System Restore.lnk
Creates FileC:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Entertainment\desktop.ini
Creates Process"rundll32.exe" C:\WINDOWS\system32\shimgvw.dll,ImageView_Fullscreen C:\WINDOWS\AE 0124 BE.jpg

Process
↳ "rundll32.exe" C:\WINDOWS\system32\shimgvw.dll,ImageView_Fullscreen C:\WINDOWS\AE 0124 BE.jpg

RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellImageView\Bounds ➝ NULL

Process
↳ "C:\WINDOWS\system32\drivers\winlogon.exe"

Process
↳ C:\WINDOWS\system32\drivers\winlogon.exe

Process
↳ C:\WINDOWS\system32\drivers\winlogon.exe

RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Creates FileC:\WINDOWS\system32\drivers\Msvbvm60.dll
Creates FileC:\Autorun.inf
Creates FileC:\Autorun.inf
Creates FileC:\Msvbvm60.dll
Creates FileC:\FOUND.006.exe
Creates FileC:\WINDOWS\AE 0124 BE.exe
Creates FilePIPE\wkssvc
Creates FileC:\FOUND.006.exe
Creates Filec:\B1uv3nth3x1.diz
Creates Process"C:\WINDOWS\AE 0124 BE.exe"

Process
↳ "C:\WINDOWS\AE 0124 BE.exe"

RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Creates FileC:\WINDOWS\Cursors\appstar2.ani
Creates FileC:\WINDOWS\iis6.log
Creates FileC:\WINDOWS\win.ini
Creates FileC:\WINDOWS\Cursors\size1_il.cur
Creates FileC:\WINDOWS\Cursors\beam_r.cur
Creates FileC:\WINDOWS\Cursors\hibeam.cur
Creates FileC:\WINDOWS\Cursors\busy_m.cur
Creates FileC:\WINDOWS\_default.pif
Creates FileC:\WINDOWS\Cursors\move_r.cur
Creates FileC:\WINDOWS\winnt.bmp
Creates FileC:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\907855fd87ed5a4c815ed5e7d60fff88\System.EnterpriseServices.ni.dll
Creates FileC:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfd.nlp
Creates FileC:\WINDOWS\Cursors\wait_l.cur
Creates FileC:\WINDOWS\Cursors\beam_im.cur
Creates FileC:\WINDOWS\Cursors\appstar3.ani
Creates FileC:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfkd.nlp
Creates FileC:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
Creates FileC:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
Creates FileC:\WINDOWS\Cursors\piano.ani
Creates FileC:\WINDOWS\bootstat.dat
Creates FileC:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\f93d64b45751f545907f53a6480ef020\Microsoft.Build.Framework.ni.dll
Creates FileC:\WINDOWS\Cursors\fillitup.ani
Creates FileC:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\734413e6d8aa6c4c800023385ad7bee7\System.Xml.ni.dll
Creates FileC:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
Creates FileC:\WINDOWS\Cursors\size2_il.cur
Creates FileC:\WINDOWS\Cursors\hnwse.cur
Creates FileC:\WINDOWS\Cursors\pen_m.cur
Creates FileC:\WINDOWS\Cursors\size4_r.cur
Creates FileC:\WINDOWS\Cursors\size3_il.cur
Creates FileC:\WINDOWS\Cursors\metronom.ani
Creates FileC:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
Creates FileC:\WINDOWS\Cursors\beam_rm.cur
Creates FileC:\WINDOWS\twain_32.dll
Creates FileC:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
Creates FileC:\WINDOWS\Cursors\3dwnwse.cur
Creates FileC:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
Creates FileC:\WINDOWS\Cursors\3dwmove.cur
Creates FileC:\WINDOWS\Cursors\help_im.cur
Creates FileC:\WINDOWS\Cursors\pen_l.cur
Creates FileC:\WINDOWS\Cursors\cross_r.cur
Creates FileC:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
Creates FileC:\WINDOWS\Cursors\up_m.cur
Creates FileC:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bopomofo.nlp
Creates FileC:\WINDOWS\Cursors\hnesw.cur
Creates FileC:\WINDOWS\comsetup.log
Creates FileC:\WINDOWS\Cursors\size1_im.cur
Creates FileC:\WINDOWS\Cursors\sizens.ani
Creates FileC:\WINDOWS\Cursors\lnwse.cur
Creates FileC:\WINDOWS\Cursors\dinosau2.ani
Creates FileC:\WINDOWS\Cursors\hourgla3.ani
Creates FileC:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
Creates FileC:\WINDOWS\Blue Lace 16.bmp
Creates FileC:\WINDOWS\Cursors\handno.ani
Creates FileC:\WINDOWS\Cursors\handns.ani
Creates FileC:\WINDOWS\Cursors\up_il.cur
Creates FileC:\WINDOWS\winnt256.bmp
Creates FileC:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
Creates FileC:\WINDOWS\Cursors\size2_rm.cur
Creates FileC:\WINDOWS\Cursors\cross.cur
Creates FileC:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
Creates FileC:\WINDOWS\Cursors\size2_m.cur
Creates FileC:\WINDOWS\Cursors\libeam.cur
Creates FileC:\WINDOWS\system.ini
Creates FileC:\WINDOWS\Cursors\move_m.cur
Creates FileC:\WINDOWS\Cursors\Msvbvm60.dll
Creates FilePIPE\wkssvc
Creates FileC:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\bd58ebbf657b4440b8f86b8c2bfbf417\System.Data.ni.dll
Creates FileC:\WINDOWS\imsins.log
Creates FileC:\WINDOWS\Cursors\size1_i.cur
Creates FileC:\WINDOWS\Cursors\3dgnwse.cur
Creates FileC:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
Creates FileC:\WINDOWS\Cursors\size3_i.cur
Creates FileC:\WINDOWS\Cursors\hwe.cur
Creates FileC:\WINDOWS\Cursors\cross_im.cur
Creates FileC:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\c65e862783686947bd1f8bc0c492c593\System.Web.ni.dll
Creates FileC:\WINDOWS\tabletoc.log
Creates FileC:\WINDOWS\Cursors\lwait.cur
Creates FileC:\WINDOWS\Cursors\3dsmove.cur
Creates FileC:\WINDOWS\Rhododendron.bmp
Creates FileC:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\cac3915cde29fb45a994ab2e7cef3cc8\CustomMarshalers.ni.dll
Creates FileC:\WINDOWS\Cursors\no_l.cur
Creates FileC:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
Creates FileC:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\big5.nlp
Creates FileC:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
Creates FileC:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normidna.nlp
Creates FileC:\WINDOWS\Cursors\handnwse.ani
Creates FileC:\WINDOWS\CSC\00000002
Creates FileC:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
Creates FileC:\WINDOWS\Cursors\beam_il.cur
Creates FileC:\WINDOWS\Gone Fishing.bmp
Creates FileC:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\5a78c44122904d49aaeb4c49caa66478\System.Deployment.ni.dll
Creates FileC:\WINDOWS\AppPatch\drvmain.sdb
Creates FileC:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
Creates FileC:\WINDOWS\clock.avi
Creates FileC:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
Creates FileC:\WINDOWS\Cursors\pen_rl.cur
Creates FileC:\WINDOWS\twunk_32.exe
Creates FileC:\WINDOWS\Cursors\busy_l.cur
Creates FileC:\WINDOWS\Cursors\size4_rl.cur
Creates FileC:\WINDOWS\hh.exe
Creates FileC:\WINDOWS\AppPatch\apph_sp.sdb
Creates FileC:\WINDOWS\Cursors\rainbow.ani
Creates FileC:\WINDOWS\Cursors\hns.cur
Creates FileC:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\8f12b75c02ea2243b7d8a51574454ef6\System.Web.Services.ni.dll
Creates FileC:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\xjis.nlp
Creates FileC:\WINDOWS\NOTEPAD.EXE
Creates FileC:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\55d81ae8e2706c4f808e758269014887\Microsoft.VisualBasic.ni.dll
Creates FileC:\WINDOWS\regedit.exe
Creates FileC:\WINDOWS\CSC\00000001
Creates FileC:\WINDOWS\Cursors\move_rm.cur
Creates FileC:\WINDOWS\wmsetup.log
Creates FileC:\WINDOWS\AE 0124 BE.jpg
Creates FileC:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\b558c6b7e062a14eaf30d90a763ddb2c\System.Drawing.ni.dll
Creates FileC:\WINDOWS\Cursors\size3_rm.cur
Creates FileC:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\907855fd87ed5a4c815ed5e7d60fff88\System.EnterpriseServices.Wrapper.dll
Creates FileC:\WINDOWS\Cursors\wait_rl.cur
Creates FileC:\WINDOWS\Cursors\size2_i.cur
Creates FileC:\WINDOWS\twunk_16.exe
Creates FileC:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
Creates FileC:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
Creates FileC:\WINDOWS\Cursors\size3_l.cur
Creates FileC:\WINDOWS\Cursors\size1_r.cur
Creates FileC:\WINDOWS\control.ini
Creates FileC:\WINDOWS\Cursors\hmove.cur
Creates FileC:\WINDOWS\MedCtrOC.log
Creates FileC:\WINDOWS\vmmreg32.dll
Creates FileC:\WINDOWS\Cursors\help_rm.cur
Creates FileC:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
Creates FileC:\WINDOWS\Cursors\arrow_r.cur
Creates FileC:\WINDOWS\ocmsn.log
Creates FileC:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
Creates FileC:\WINDOWS\OEWABLog.txt
Creates FileC:\WINDOWS\Cursors\no_m.cur
Creates FileC:\WINDOWS\Cursors\arrow_m.cur
Creates FileC:\WINDOWS\AppPatch\apphelp.sdb
Creates FileC:\WINDOWS\WMSysPr9.prx
Creates FileC:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
Creates FileC:\WINDOWS\Cursors\cross_l.cur
Creates FileC:\WINDOWS\Cursors\busy_il.cur
Creates FileC:\WINDOWS\Cursors\help_r.cur
Creates FileC:\WINDOWS\Cursors\arrow_il.cur
Creates FileC:\WINDOWS\Cursors\size3_im.cur
Creates FileC:\WINDOWS\Cursors\beam_i.cur
Creates FileC:\WINDOWS\Cursors\hcross.cur
Creates FileC:\WINDOWS\Cursors\lns.cur
Creates FileC:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
Creates FileC:\WINDOWS\Cursors\horse.ani
Creates FileC:\WINDOWS\setupact.log
Creates FileC:\WINDOWS\Cursors\pen_rm.cur
Creates FileC:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Design\ddfc3d6c168910428333e28a94f8da83\System.Design.ni.dll
Creates FileC:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\66e9399c9a54b041a5caa3b1643b61d2\System.Windows.Forms.ni.dll
Creates FileC:\WINDOWS\Cursors\help_rl.cur
Creates FileC:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
Creates FileC:\WINDOWS\Cursors\handapst.ani
Creates FileC:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
Creates FileC:\WINDOWS\Cursors\arrow_rm.cur
Creates FileC:\WINDOWS\ODBCINST.INI
Creates FileC:\WINDOWS\Cursors\3dgno.cur
Creates FileC:\WINDOWS\Cursors\size4_il.cur
Creates FileC:\WINDOWS\CSC\csc1.tmp
Creates FileC:\WINDOWS\Soap Bubbles.bmp
Creates FileC:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\6f96ccfaf3c66b42a07af6e488a58439\mscorlib.ni.dll
Creates FileC:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
Creates FileC:\WINDOWS\Cursors\3dwnesw.cur
Creates FileC:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\7ee22366a5a88a4d9c4b35a1724969f3\System.Transactions.ni.dll
Creates FileC:\WINDOWS\tsoc.log
Creates FileC:\WINDOWS\Cursors\barber.ani
Creates FileC:\WINDOWS\msdfmap.ini
Creates FileC:\WINDOWS\Cursors\up_rm.cur
Creates Filec:\B1uv3nth3x1.diz
Creates FileC:\WINDOWS\Cursors\dinosaur.ani
Creates FileC:\WINDOWS\Cursors\cross_rl.cur
Creates FileC:\WINDOWS\Cursors\3dwns.cur
Creates FileC:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\ksc.nlp
Creates FileC:\WINDOWS\Cursors\larrow.cur
Creates FileC:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\prcp.nlp
Creates FileC:\WINDOWS\AppPatch\AcXtrnal.dll
Creates FileC:\WINDOWS\Cursors\pen_il.cur
Creates FileC:\WINDOWS\Cursors\counter.ani
Creates FileC:\WINDOWS\setuperr.log
Creates FileC:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
Creates FileC:\WINDOWS\Cursors\size3_r.cur
Creates FileC:\WINDOWS\Cursors\raindrop.ani
Creates FileC:\WINDOWS\Cursors\wait_im.cur
Creates FileC:\WINDOWS\Sti_Trace.log
Creates FileC:\WINDOWS\Cursors\lnodrop.cur
Creates FileC:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\f1460401f0e5ba4a8809c993a690c461\System.Configuration.ni.dll
Creates FileC:\WINDOWS\winhelp.exe
Creates FileC:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\d35c221f74db5d48b3aa3ad663400c85\dfsvc.ni.exe
Creates FileC:\WINDOWS\Cursors\hnodrop.cur
Creates FileC:\WINDOWS\Cursors\3dsns.cur
Creates FileC:\WINDOWS\Cursors\help_l.cur
Creates FileC:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
Creates FileC:\WINDOWS\Cursors\cross_il.cur
Creates FileC:\WINDOWS\Cursors\size1_m.cur
Creates FileC:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfc.nlp
Creates FileC:\WINDOWS\desktop.ini
Creates FileC:\WINDOWS\Cursors\up_i.cur
Creates FileC:\WINDOWS\Cursors\sizewe.ani
Creates FileC:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
Creates FileC:\WINDOWS\Greenstone.bmp
Creates FileC:\WINDOWS\netfxocm.log
Creates FileC:\WINDOWS\AppPatch\sysmain.sdb
Creates FileC:\WINDOWS\Cursors\pen_im.cur
Creates FileC:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\prc.nlp
Creates FileC:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
Creates FileC:\WINDOWS\Cursors\handwe.ani
Creates FileC:\WINDOWS\Cursors\wait_m.cur
Creates FileC:\WINDOWS\Cursors\size4_rm.cur
Creates FileC:\WINDOWS\Cursors\3dgwe.cur
Creates FileC:\WINDOWS\Cursors\up_r.cur
Creates FileC:\WINDOWS\REGLOCS.OLD
Creates FileC:\WINDOWS\Cursors\up_rl.cur
Creates FileC:\WINDOWS\ntdtcsetup.log
Creates FileC:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\e216ef88307a32408915eb991be5a378\System.Web.RegularExpressions.ni.dll
Creates FileC:\WINDOWS\Cursors\3dgarro.cur
Creates FileC:\WINDOWS\Cursors\no_im.cur
Creates FileC:\WINDOWS\Cursors\cross_m.cur
Creates FileC:\WINDOWS\Prairie Wind.bmp
Creates FileC:\WINDOWS\Cursors\arrow_i.cur
Creates FileC:\WINDOWS\Cursors\move_i.cur
Creates FileC:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
Creates FileC:\WINDOWS\Cursors\size3_rl.cur
Creates FileC:\WINDOWS\Cursors\size2_im.cur
Creates FileC:\WINDOWS\Cursors\size4_m.cur
Creates FileC:\WINDOWS\Cursors\cross_rm.cur
Creates FileC:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
Creates FileC:\WINDOWS\River Sumida.bmp
Creates FileC:\WINDOWS\Cursors\appstart.ani
Creates FileC:\WINDOWS\Cursors\wait_rm.cur
Creates FileC:\WINDOWS\Cursors\no_il.cur
Creates FileC:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
Creates FileC:\WINDOWS\Cursors\size4_l.cur
Creates FileC:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\5c5b04f7f35e9346a6c0620b8b6b96d4\System.ni.dll
Creates FileC:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
Creates FileC:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\630fc7aca28b144e871a74356406b36c\Microsoft.Build.Engine.ni.dll
Creates FileC:\WINDOWS\Cursors\sizenwse.ani
Creates FileC:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
Creates FileC:\WINDOWS\Cursors\arrow_l.cur
Creates FileC:\WINDOWS\Cursors\lcross.cur
Creates FileC:\WINDOWS\regopt.log
Creates FileC:\WINDOWS\Cursors\no_r.cur
Creates FileC:\WINDOWS\Cursors\3dgnesw.cur
Creates FileC:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\cad564e303c6b24b86151da863a0e830\Microsoft.Build.Tasks.ni.dll
Creates FileC:\WINDOWS\WindowsUpdate.log
Creates FileC:\WINDOWS\Cursors\size1_rm.cur
Creates FileC:\WINDOWS\Cursors\no_rl.cur
Creates FileC:\WINDOWS\Cursors\busy_rl.cur
Creates FileC:\WINDOWS\Cursors\help_m.cur
Creates FileC:\WINDOWS\Cursors\arrow_im.cur
Creates FileC:\WINDOWS\Cursors\arrow_rl.cur
Creates FileC:\WINDOWS\msgsocm.log
Creates FileC:\WINDOWS\setuplog.txt
Creates FileC:\WINDOWS\ocgen.log
Creates FileC:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\4876393e4fb4c143883be71207327eb6\System.Drawing.Design.ni.dll
Creates FileC:\WINDOWS\TASKMAN.EXE
Creates FileC:\WINDOWS\FaxSetup.log
Creates FileC:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\a1138a1d023bdb47991eb08a7baeb041\System.DirectoryServices.Protocols.ni.dll
Creates FileC:\WINDOWS\msmqinst.log
Creates FileC:\WINDOWS\Cursors\sizenesw.ani
Creates FileC:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
Creates FileC:\WINDOWS\Cursors\harrow.cur
Creates FileC:\WINDOWS\Cursors\size4_im.cur
Creates FileC:\WINDOWS\wiadebug.log
Creates FileC:\WINDOWS\Cursors\3dgns.cur
Creates FileC:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
Creates FileC:\WINDOWS\Zapotec.bmp
Creates FileC:\WINDOWS\0.log
Creates FileC:\WINDOWS\Cursors\hourglas.ani
Creates FileC:\WINDOWS\AppPatch\AcLayers.dll
Creates FileC:\WINDOWS\Cursors\beam_l.cur
Creates FileC:\WINDOWS\Cursors\coin.ani
Creates FileC:\WINDOWS\Cursors\wagtail.ani
Creates FileC:\WINDOWS\Cursors\lmove.cur
Creates FileC:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
Creates FileC:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
Creates FileC:\WINDOWS\sessmgr.setup.log
Creates FileC:\WINDOWS\explorer.scf
Creates FileC:\WINDOWS\Cursors\busy_i.cur
Creates FileC:\WINDOWS\Cursors\hand.ani
Creates FileC:\WINDOWS\Cursors\3dwarro.cur
Creates FileC:\WINDOWS\Cursors\banana.ani
Creates FileC:\WINDOWS\Cursors\size3_m.cur
Creates FileC:\WINDOWS\Cursors\size1_l.cur
Creates FileC:\WINDOWS\vb.ini
Creates FileC:\WINDOWS\Cursors\drum.ani
Creates FileC:\WINDOWS\Cursors\lnesw.cur
Creates FileC:\WINDOWS\Cursors\no_rm.cur
Creates FileC:\WINDOWS\Cursors\no_i.cur
Creates FileC:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\225ba1a2ab6a9a479344d4cb1fb2cf4d\System.DirectoryServices.ni.dll
Creates FileC:\WINDOWS\Cursors\size2_r.cur
Creates FileC:\WINDOWS\Cursors\size1_rl.cur
Creates FileC:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\e159fddf60aee34e9a66ec6ba913b752\System.Security.ni.dll
Creates FileC:\WINDOWS\winhlp32.exe
Creates FileC:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\07a1d8d20618de48b3cb798a24f977fc\AspNetMMCExt.ni.dll
Creates FileC:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\cd756036bd3d00479a648c21aeaf72da\System.Web.Mobile.ni.dll
Creates FileC:\WINDOWS\Cursors\size2_l.cur
Creates FileC:\WINDOWS\AppPatch\msimain.sdb
Creates FileC:\WINDOWS\Cursors\move_im.cur
Creates FileC:\WINDOWS\setupapi.log
Creates FileC:\WINDOWS\Cursors\lwe.cur
Creates FileC:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
Creates FileC:\WINDOWS\Cursors\3dgmove.cur
Creates FileC:\WINDOWS\Cursors\move_rl.cur
Creates FileC:\WINDOWS\Cursors\cross_i.cur
Creates FileC:\WINDOWS\Cursors\move_l.cur
Creates FileC:\WINDOWS\Cursors\up_im.cur
Creates FileC:\WINDOWS\wiaservc.log
Creates FileC:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
Creates FileC:\WINDOWS\Cursors\busy_r.cur
Creates FileC:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
Creates FileC:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
Creates FileC:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\262de2c26ed52c4a967a1c31ef64127b\Microsoft.Build.Utilities.ni.dll
Creates FileC:\WINDOWS\FeatherTexture.bmp
Creates FileC:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
Creates FileC:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
Creates FileC:\WINDOWS\Coffee Bean.bmp
Creates FileC:\WINDOWS\Cursors\help_il.cur
Creates FileC:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
Creates FileC:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfkc.nlp
Creates FileC:\WINDOWS\Cursors\3dwwe.cur
Creates FileC:\WINDOWS\Cursors\pen_i.cur
Creates FileC:\WINDOWS\Cursors\size4_i.cur
Creates FileC:\WINDOWS\AppPatch\AcSpecfc.dll
Creates FileC:\WINDOWS\Cursors\help_i.cur
Creates FileC:\WINDOWS\Cursors\beam_rl.cur
Creates FileC:\WINDOWS\vbaddin.ini
Creates FileC:\WINDOWS\twain.dll
Creates FileC:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
Creates FileC:\WINDOWS\DtcInstall.log
Creates FileC:\WINDOWS\Cursors\stopwtch.ani
Creates FileC:\WINDOWS\Cursors\lappstrt.cur
Creates FileC:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\6f645a90cf0f1d44b2dc11a5e82e973c\Accessibility.ni.dll
Creates FileC:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
Creates FileC:\WINDOWS\Cursors\3dwno.cur
Creates FileC:\WINDOWS\Cursors\wait_r.cur
Creates FileC:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
Creates FileC:\WINDOWS\Cursors\up_l.cur
Creates FileC:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
Creates FileC:\WINDOWS\Cursors\vanisher.ani
Creates FileC:\WINDOWS\Cursors\size2_rl.cur
Creates FileC:\WINDOWS\Cursors\wait_i.cur
Creates FileC:\WINDOWS\Cursors\busy_im.cur
Creates FileC:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
Creates FileC:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
Creates FileC:\WINDOWS\Cursors\busy_rm.cur
Creates FileC:\WINDOWS\Cursors\3dsnwse.cur
Creates FileC:\WINDOWS\Cursors\move_il.cur
Creates FileC:\WINDOWS\Santa Fe Stucco.bmp
Creates FileC:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
Creates FileC:\WINDOWS\Cursors\beam_m.cur
Creates FileC:\WINDOWS\Cursors\pen_r.cur
Creates FileC:\WINDOWS\AppPatch\AcLua.dll
Creates FileC:\WINDOWS\Cursors\wait_il.cur
Creates FileC:\WINDOWS\Cursors\hourgla2.ani
Creates FileC:\WINDOWS\cmsetacl.log
Creates FileC:\WINDOWS\Cursors\handnesw.ani
Creates FileC:\WINDOWS\Cursors\handwait.ani
Creates FileC:\WINDOWS\PSEXESVC.EXE
Creates Process"C:\WINDOWS\system32\drivers\winlogon.exe"

Network Details:



Strings