gutyeaz.com 
 kadds.ru  91.211.117.127 
 91.211.117.76  91.211.117.76 
 94.47.254.1  94.47.254.1 
 UDP Connections 
 Remote IP Address: Port: 2323
 Send Datagram: packet(s) of size 21
 Recv Datagram: 3000 packet(s) of size 0
 Remote IP Address: Port: 2323
 Send Datagram: packet(s) of size 21
 Recv Datagram: 3000 packet(s) of size 0
 Remote IP Address: 91.211.117.127 Port: 2323
 Send Datagram: packet(s) of size 21
 Send Datagram: 3 packet(s) of size 10
 Send Datagram: packet(s) of size 20
 Send Datagram: 2 packet(s) of size 1
 Send Datagram: 2 packet(s) of size 2
 Recv Datagram: 6206 packet(s) of size 0
 Recv Datagram: packet(s) of size 21
 Recv Datagram: packet(s) of size 10
 Recv Datagram: packet(s) of size 521
 Recv Datagram: packet(s) of size 81
 Remote IP Address: 10.1.1.1 Port: 53
 Send Datagram: packet(s) of size 37
 Recv Datagram: packet(s) of size 194
 Download URLs 
 http://91.211.117.76/alter.exe (91.211.117.76)
Outgoing connection to remote server: 91.211.117.76 TCP port 80
 C&C Server: 94.47.254.1:6692 
 Server Password: 
 Username: gvaumoix 
 Nickname: SKppvxXd 
 Channel: #0 (Password: ) 
 Channeltopic: :=wo4KWTEFvKFMccLcQ6UHGktcD/nrzSS5miP7RB 
 Outgoing connection to remote server: 94.47.254.1 TCP port 6692
Resolved : [kadds.ru] To [91.211.117.76]
 Resolved : [kadds.ru] To [91.211.117.146]
 Resolved : [kadds.ru] To [91.211.117.127]
Registry Changes by all processes 
 Create or Open 
 Changes  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon “Taskman” = C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\juzjf.exe
 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Application Layer Gateway Service” = C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\algs.exe
 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List “C:\WINDOWS\Explorer.EXE” = C:\WINDOWS\Explorer.EXE:*:Enabled:Application Layer Gateway Service
 Enums  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\ProtocolHandlers
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\ProtocolHandlers\File
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType
 File Changes by all processes 
 New Files  \Device\RasAcd
 C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\juzjf.exe
 \\.\pipe\gslrhkqwehtklx
 C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\7901436.exe
 C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\algs.exe
 C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\algs.exe
 Opened Files  c:\dcad8091f9f3a2a9ec824f94c0b7c5b2
 C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\juzjf.exe
 \\.\pipe\gslrhkqwehtklx
 \\.\PIPE\lsarpc
 C:\WINDOWS\AppPatch\sysmain.sdb
 C:\WINDOWS\AppPatch\systest.sdb
 \Device\NamedPipe\ShimViewer
 C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp
 C:\WINDOWS\explorer.exe
 C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\algs.exe
 C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll
 C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\7901436.exe
 Deleted Files  C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\juzjf.exe
 C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\algs.exe
 Chronological Order  Open File: c:\dcad8091f9f3a2a9ec824f94c0b7c5b2 (OPEN_EXISTING)
 Create/Open File: \Device\RasAcd (OPEN_ALWAYS)
 Set File Attributes: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\juzjf.exe Flags: (FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS)
 Delete File: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\juzjf.exe
 Copy File: c:\dcad8091f9f3a2a9ec824f94c0b7c5b2 to C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\juzjf.exe
 Set File Attributes: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\juzjf.exe Flags: (FILE_ATTRIBUTE_HIDDEN FILE_ATTRIBUTE_READONLY FILE_ATTRIBUTE_SYSTEM SECURITY_ANONYMOUS)
 Open File: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\juzjf.exe (OPEN_EXISTING)
 Create NamedPipe: \\.\pipe\gslrhkqwehtklx
 Open File: \\.\pipe\gslrhkqwehtklx (OPEN_EXISTING)
 Open File: \\.\PIPE\lsarpc (OPEN_EXISTING)
 Create File: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\7901436.exe
 Open File: C:\WINDOWS\AppPatch\sysmain.sdb (OPEN_EXISTING)
 Open File: C:\WINDOWS\AppPatch\systest.sdb (OPEN_EXISTING)
 Open File: \Device\NamedPipe\ShimViewer (OPEN_EXISTING)
 Open File: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp ()
 Find File: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\7901436.exe
 Get File Attributes: c:\cwsandbox\cwsandbox.exe Flags: (SECURITY_ANONYMOUS)
 Delete File: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\algs.exe
 Move File: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\7901436.exe to C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\algs.exe
 Set File Attributes: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\algs.exe Flags: (FILE_ATTRIBUTE_HIDDEN FILE_ATTRIBUTE_SYSTEM SECURITY_ANONYMOUS)
 Open File: C:\WINDOWS\explorer.exe (OPEN_EXISTING)
 Open File: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\algs.exe (OPEN_EXISTING)
 Set File Attributes: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\algs.exe Flags: (FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS)
 Create File: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\algs.exe
 Get File Attributes: C:\Dokumente und Einstellungen\Administrator Flags: (SECURITY_ANONYMOUS)
 Find File: ipconfig /flushdns.*
 Open File: C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll (OPEN_EXISTING)
 Find File: C:\Dokumente und Einstellungen\Administrator\ipconfig /flushdns.*
 Find File: C:\WINDOWS\system32\ipconfig /flushdns.*
 Find File: C:\WINDOWS\System\ipconfig /flushdns.*
 Find File: C:\WINDOWS\ipconfig /flushdns.*
 Find File: C:\WINDOWS\System32\Wbem\ipconfig /flushdns.*
 Find File: C:\Programme\Intel\DMIX\ipconfig /flushdns.*
 Get File Attributes: C:\Dokumente und Einstellungen\Administrator\ipconfig /flushdns Flags: (SECURITY_ANONYMOUS)
 Get File Attributes: C:\WINDOWS\system32\ipconfig /flushdns Flags: (SECURITY_ANONYMOUS)
 Get File Attributes: C:\WINDOWS\System\ipconfig /flushdns Flags: (SECURITY_ANONYMOUS)
 Get File Attributes: C:\WINDOWS\ipconfig /flushdns Flags: (SECURITY_ANONYMOUS)
 Get File Attributes: C:\WINDOWS\System32\Wbem\ipconfig /flushdns Flags: (SECURITY_ANONYMOUS)
 Get File Attributes: C:\Programme\Intel\DMIX\ipconfig /flushdns Flags: (SECURITY_ANONYMOUS)
 Open File: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\7901436.exe (OPEN_EXISTING)