all4corp.com(Zeus hosted with United States New York Bluemile Inc)

DNS Lookup
Host Name IP Address
all4corp.com
all4corp.com 76.10.214.62
www.google.com
www.google.com 74.125.39.99

Opened listening TCP connection on port: 29790Download URLs
http://76.10.214.62/xed/config.bin (all4corp.com)
http://74.125.39.99/webhp (www.google.com)
http://76.10.214.62/xed/yourbot.exe (all4corp.com)
http://76.10.214.62/xed/yourbot.exe (all4corp.com)
http://76.10.214.62/xed/yourbot.exe (all4corp.com)
Data posted to URLs
http://76.10.214.62/xed/gate.php (all4corp.com)

Outgoing connection to remote server: all4corp.com TCP port 80
Outgoing connection to remote server: www.google.com TCP port 80
Outgoing connection to remote server: all4corp.com TCP port 80
Outgoing connection to remote server: all4corp.com TCP port 80
Outgoing connection to remote server: all4corp.com TCP port 80
Outgoing connection to remote server: all4corp.com TCP port 80
Outgoing connection to remote server: all4corp.com TCP port 80
Outgoing connection to remote server: all4corp.com TCP port 80

Registry Changes by all processes
Create or Open
Changes HKEY_CURRENT_USERSoftwareMicrosoftNomyad “Exwiezy” = [REG_BINARY, size: 116 bytes]
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerPhishingFilter “Enabled” = [REG_DWORD, value: 00000000]
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerPrivacy “CleanCookies” = [REG_DWORD, value: 00000000]
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones “1609” = [REG_DWORD, value: 00000000]
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones1 “1406” = [REG_DWORD, value: 00000000]
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones1 “1609” = [REG_DWORD, value: 00000000]
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones2 “1406” = [REG_DWORD, value: 00000000]
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones2 “1609” = [REG_DWORD, value: 00000000]
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones3 “1406” = [REG_DWORD, value: 00000000]
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones3 “1609” = [REG_DWORD, value: 00000000]
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones4 “1406” = [REG_DWORD, value: 00000000]
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones4 “1609” = [REG_DWORD, value: 00000000]
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun “{65890343-5845-2C9B-76E3-847CC22B23F1}” = “C:Dokumente und EinstellungenAdministratorAnwendungsdatenSauxbigiap.exe”
HKEY_CURRENT_USERSoftwareMicrosoftNomyad “Exwiezy” = [REG_BINARY, size: 116 bytes]
HKEY_CURRENT_USERSoftwareMicrosoftNomyad “Koeli” = [REG_BINARY, size: 558287 bytes]
HKEY_CURRENT_USERSoftwareMicrosoftNomyad “Nara” = [REG_BINARY, size: 80 bytes]
HKEY_CURRENT_USERSoftwareMicrosoftNomyad “Nara” = [REG_BINARY, size: 96 bytes]
HKEY_CURRENT_USERSoftwareMicrosoftNomyad “Nara” = [REG_BINARY, size: 112 bytes]
HKEY_CURRENT_USERSoftwareMicrosoftNomyad “Exwiezy” = [REG_BINARY, size: 116 bytes]
HKEY_CURRENT_USERSoftwareMicrosoftNomyad “Exwiezy” = [REG_BINARY, size: 116 bytes]
HKEY_CURRENT_USERSoftwareMicrosoftNomyad “Exwiezy” = [REG_BINARY, size: 116 bytes]
HKEY_CURRENT_USERSoftwareMicrosoftNomyad “Exwiezy” = [REG_BINARY, size: 116 bytes]
HKEY_CURRENT_USERSoftwareMicrosoftNomyad “Exwiezy” = [REG_BINARY, size: 116 bytes]
Reads HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersion “InstallDate”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersion “DigitalProductId”
HKEY_LOCAL_MACHINESYSTEMWPAMediaCenter “Installed”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerPhishingFilter “Enabled”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerPhishingFilter “EnabledV8”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerPrivacy “CleanCookies”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones “1406”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones “1609”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones1 “1406”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones1 “1609”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones2 “1406”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones2 “1609”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones3 “1406”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones3 “1609”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones4 “1406”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones4 “1609”
HKEY_CURRENT_USERSoftwareMicrosoftNomyad “Exwiezy”
HKEY_CURRENT_USERSoftwareMicrosoftNomyad “Exwiezy”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerPhishingFilter “Enabled”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerPhishingFilter “EnabledV8”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones “1406”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones “1609”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones1 “1406”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones1 “1609”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones2 “1406”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones2 “1609”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones3 “1406”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones3 “1609”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones4 “1406”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones4 “1609”
HKEY_CURRENT_USERSoftwareMicrosoftNomyad “Exwiezy”
HKEY_CURRENT_USERSoftwareMicrosoftNomyad “Koeli”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftRpcSecurityService “DefaultAuthLevel”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCryptography “MachineGuid”
HKEY_CURRENT_USERSoftwareMicrosoftNomyad “Nara”
HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{56F9679E-7826-4C84-81F3-532071A8BCC5}InprocServer32 “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows SearchProtocolHandlersFile “ProgID”
HKEY_LOCAL_MACHINESOFTWAREClassesfile “ShellFolder”
HKEY_LOCAL_MACHINESOFTWAREClassesMapi “ShellFolder”
HKEY_LOCAL_MACHINESOFTWAREClassesOutlookexpress “ShellFolder”
HKEY_LOCAL_MACHINESOFTWAREClassesOTFS “ShellFolder”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersDefault “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersDefault “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersDefault “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersDefault “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.bmp “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.bmp “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.bmp “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.bmp “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.c “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.c “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.c “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.c “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.cpp “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.cpp “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.cpp “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.cpp “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.cs “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.cs “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.cs “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.cs “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.cxx “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.cxx “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.cxx “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.cxx “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.doc “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.doc “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.doc “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.doc “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.dot “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.dot “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.dot “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.dot “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.emf “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.emf “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.emf “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.emf “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.eml “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.eml “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.eml “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.eml “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.err “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.err “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.err “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.err “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.gif “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.gif “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.gif “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.gif “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.h “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.h “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.h “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.h “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.htm “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.htm “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.htm “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.htm “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.html “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.html “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.html “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.html “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.hxx “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.hxx “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.hxx “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.hxx “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.idl “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.idl “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.idl “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.idl “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.jpeg “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.jpeg “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.jpeg “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.jpeg “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.jpg “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.jpg “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.jpg “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.jpg “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.jsl “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.jsl “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.jsl “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.jsl “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.mht “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.mht “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.mht “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.mht “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.mhtml “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.mhtml “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.mhtml “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.mhtml “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.nws “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.nws “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.nws “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.nws “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.pdf “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.pdf “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.pdf “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.pdf “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.png “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.png “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.png “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.png “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.pot “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.pot “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.pot “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.pot “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.pps “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.pps “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.pps “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.pps “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.ppt “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.ppt “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.ppt “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.ppt “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.rtf “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.rtf “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.rtf “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.rtf “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.txt “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.txt “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.txt “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.txt “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.vb “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.vb “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.vb “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.vb “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.wmf “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.wmf “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.wmf “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.wmf “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.wrn “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.wrn “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.wrn “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.wrn “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xls “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xls “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xls “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xls “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xlt “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xlt “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xlt “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xlt “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xml “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xml “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xml “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xml “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xsd “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xsd “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xsd “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xsd “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypecalendar “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypecalendar “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypecalendar “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypecalendar “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypecommunications “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypecommunications “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypecommunications “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypecommunications “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypecontact “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypecontact “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypecontact “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypecontact “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypedocument “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypedocument “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypedocument “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypedocument “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeemail “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeemail “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeemail “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeemail “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypefavorite “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypefavorite “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypefavorite “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypefavorite “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypefolder “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypefolder “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypefolder “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypefolder “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeim “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeim “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeim “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeim “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeimages “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeimages “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeimages “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeimages “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypemusic “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypemusic “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypemusic “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypemusic “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypenote “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypenote “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypenote “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypenote “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypepicture “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypepicture “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypepicture “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypepicture “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypepresentation “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypepresentation “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypepresentation “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypepresentation “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeprogram “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeprogram “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeprogram “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeprogram “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypespreadsheet “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypespreadsheet “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypespreadsheet “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypespreadsheet “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypetext “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypetext “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypetext “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypetext “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypevideo “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypevideo “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypevideo “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypevideo “ScriptOk”
HKEY_LOCAL_MACHINESYSTEMWPAMediaCenter “Installed”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerPhishingFilter “Enabled”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerPhishingFilter “EnabledV8”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerPrivacy “CleanCookies”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones “1406”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones “1609”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones1 “1406”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones1 “1609”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones2 “1406”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones2 “1609”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones3 “1406”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones3 “1609”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones4 “1406”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones4 “1609”
HKEY_CURRENT_USERSoftwareMicrosoftNomyad “Exwiezy”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerPhishingFilter “Enabled”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerPhishingFilter “EnabledV8”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerPrivacy “CleanCookies”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones “1406”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones “1609”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones1 “1406”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones1 “1609”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones2 “1406”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones2 “1609”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones3 “1406”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones3 “1609”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones4 “1406”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones4 “1609”
HKEY_CURRENT_USERSoftwareMicrosoftNomyad “Exwiezy”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCommand Processor “DisableUNCCheck”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCommand Processor “EnableExtensions”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCommand Processor “DelayedExpansion”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCommand Processor “DefaultColor”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCommand Processor “CompletionChar”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCommand Processor “PathCompletionChar”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCommand Processor “AutoRun”
HKEY_CURRENT_USERSoftwareMicrosoftCommand Processor “DisableUNCCheck”
HKEY_CURRENT_USERSoftwareMicrosoftCommand Processor “EnableExtensions”
HKEY_CURRENT_USERSoftwareMicrosoftCommand Processor “DelayedExpansion”
HKEY_CURRENT_USERSoftwareMicrosoftCommand Processor “DefaultColor”
HKEY_CURRENT_USERSoftwareMicrosoftCommand Processor “CompletionChar”
HKEY_CURRENT_USERSoftwareMicrosoftCommand Processor “PathCompletionChar”
HKEY_CURRENT_USERSoftwareMicrosoftCommand Processor “AutoRun”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerPhishingFilter “Enabled”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerPhishingFilter “EnabledV8”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerPrivacy “CleanCookies”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones “1406”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones “1609”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones1 “1406”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones1 “1609”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones2 “1406”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones2 “1609”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones3 “1406”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones3 “1609”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones4 “1406”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones4 “1609”
HKEY_CURRENT_USERSoftwareMicrosoftNomyad “Exwiezy”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerPhishingFilter “Enabled”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerPhishingFilter “EnabledV8”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerPrivacy “CleanCookies”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones “1406”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones “1609”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones1 “1406”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones1 “1609”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones2 “1406”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones2 “1609”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones3 “1406”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones3 “1609”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones4 “1406”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones4 “1609”
HKEY_CURRENT_USERSoftwareMicrosoftNomyad “Exwiezy”
HKEY_LOCAL_MACHINESYSTEMWPAMediaCenter “Installed”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCommand Processor “DisableUNCCheck”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCommand Processor “EnableExtensions”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCommand Processor “DelayedExpansion”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCommand Processor “DefaultColor”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCommand Processor “CompletionChar”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCommand Processor “PathCompletionChar”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCommand Processor “AutoRun”
HKEY_CURRENT_USERSoftwareMicrosoftCommand Processor “DisableUNCCheck”
HKEY_CURRENT_USERSoftwareMicrosoftCommand Processor “EnableExtensions”
HKEY_CURRENT_USERSoftwareMicrosoftCommand Processor “DelayedExpansion”
HKEY_CURRENT_USERSoftwareMicrosoftCommand Processor “DefaultColor”
HKEY_CURRENT_USERSoftwareMicrosoftCommand Processor “CompletionChar”
HKEY_CURRENT_USERSoftwareMicrosoftCommand Processor “PathCompletionChar”
HKEY_CURRENT_USERSoftwareMicrosoftCommand Processor “AutoRun”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerPhishingFilter “Enabled”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerPhishingFilter “EnabledV8”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerPrivacy “CleanCookies”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones “1406”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones “1609”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones1 “1406”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones1 “1609”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones2 “1406”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones2 “1609”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones3 “1406”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones3 “1609”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones4 “1406”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones4 “1609”
HKEY_CURRENT_USERSoftwareMicrosoftNomyad “Exwiezy”
Enums HKEY_LOCAL_MACHINESOFTWAREMicrosoftCryptographyOID
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCryptographyOIDEncodingType 0CertDllOpenStoreProv
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows SearchProtocolHandlers
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows SearchProtocolHandlersFile
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedType

File Changes by all processes
New Files C:Dokumente und EinstellungenAdministratorAnwendungsdatenSauxbigiap.exe
C:Dokumente und EinstellungenAdministratorAnwendungsdatenApugoggy.upm
C:Dokumente und EinstellungenAdministratorAnwendungsdatenSauxbigiap.exe
C:DOKUME~1ADMINI~1LOKALE~1Temptmp194abd60.bat
C:Dokumente und EinstellungenAdministratorAnwendungsdatenApugoggy.tmp
C:Dokumente und EinstellungenAdministratorAnwendungsdatenApugoggy.upm
DeviceRasAcd
C:Dokumente und EinstellungenAdministratorAnwendungsdatenApugoggy.tmp
C:DOKUME~1ADMINI~1LOKALE~1Temptmp80375d00yourbot.exe
C:DOKUME~1ADMINI~1LOKALE~1Temptmpbef4f03fyourbot.exe
C:DOKUME~1ADMINI~1LOKALE~1Temptmp41b3f7e6yourbot.exe
C:DOKUME~1ADMINI~1LOKALE~1Temptmp90e7c95c.bat
Opened Files c:yourbot.exe
.PIPElsarpc
c:yourbot.exe
C:Dokumente und EinstellungenAdministratorAnwendungsdaten
C:Dokumente und EinstellungenAdministratorAnwendungsdatenSauxbigiap.exe
C:Dokumente und EinstellungenAdministratorAnwendungsdatenSauxbi
C:Dokumente und EinstellungenAdministratorAnwendungsdatenApugoggy.upm
C:Dokumente und EinstellungenAdministratorAnwendungsdatenApug
C:WINDOWSAppPatchsysmain.sdb
C:WINDOWSAppPatchsystest.sdb
DeviceNamedPipeShimViewer
C:Dokumente und EinstellungenAdministratorAnwendungsdatenSauxbi
C:Dokumente und EinstellungenAdministratorAnwendungsdatenApugoggy.dat
C:WINDOWSsystem32
C:Dokumente und EinstellungenAdministratorAnwendungsdatenSauxbigiap.exe
.PIPElsarpc
C:Dokumente und EinstellungenAdministratorAnwendungsdatenSauxbigiap.exe
.PIPElsarpc
C:Dokumente und EinstellungenAdministratorAnwendungsdatenApugoggy.dat
C:Dokumente und EinstellungenAdministratorAnwendungsdatenApugoggy.upm
C:Dokumente und EinstellungenAdministratorCookiesadministrator@adfarm1.adition[1].txt
C:Dokumente und EinstellungenAdministratorCookiesadministrator@adsfac[2].txt
C:Dokumente und EinstellungenAdministratorCookiesadministrator@doubleclick[2].txt
C:Dokumente und EinstellungenAdministratorCookiesadministrator@ebay[1].txt
C:Dokumente und EinstellungenAdministratorCookiesadministrator@gmads[1].txt
C:Dokumente und EinstellungenAdministratorCookiesadministrator@gmx[1].txt
C:Dokumente und EinstellungenAdministratorCookiesadministrator@google[1].txt
C:Dokumente und EinstellungenAdministratorCookiesadministrator@google[3].txt
C:Dokumente und EinstellungenAdministratorCookiesadministrator@google[4].txt
C:Dokumente und EinstellungenAdministratorCookiesadministrator@google[5].txt
C:Dokumente und EinstellungenAdministratorCookiesadministrator@heise[1].txt
C:Dokumente und EinstellungenAdministratorCookiesadministrator@ivwbox[2].txt
C:Dokumente und EinstellungenAdministratorCookiesadministrator@mail.google[1].txt
C:Dokumente und EinstellungenAdministratorCookiesadministrator@met.vgwort[1].txt
C:Dokumente und EinstellungenAdministratorCookiesadministrator@quality-channel[2].txt
C:Dokumente und EinstellungenAdministratorCookiesadministrator@skype.tt.omtrdc[1].txt
C:Dokumente und EinstellungenAdministratorCookiesadministrator@skype[1].txt
C:Dokumente und EinstellungenAdministratorCookiesadministrator@uimserv[2].txt
C:Dokumente und EinstellungenAdministratorCookiesadministrator@www.gmx[2].txt
C:Dokumente und EinstellungenAdministratorCookiesadministrator@www.google[2].txt
C:Dokumente und EinstellungenAdministratorCookiesadministrator@www.heise[1].txt
C:Dokumente und EinstellungenAdministratorCookiesadministrator@www.spiegel[1].txt
c:autoexec.bat
C:Dokumente und EinstellungenAdministratorAnwendungsdatenApugoggy.tmp
C:ProgrammeWindows Desktop SearchMSNLNamespaceMgr.dll
C:WINDOWSAppPatchsysmain.sdb
C:WINDOWSAppPatchsystest.sdb
DeviceNamedPipeShimViewer
C:DOKUME~1ADMINI~1LOKALE~1Temptmp80375d00
C:DOKUME~1ADMINI~1LOKALE~1Temptmpbef4f03f
C:DOKUME~1ADMINI~1LOKALE~1Temptmp41b3f7e6
.PIPElsarpc
C:Dokumente und EinstellungenAdministratorAnwendungsdatenApugoggy.dat
.PIPElsarpc
C:Dokumente und EinstellungenAdministratorAnwendungsdatenApugoggy.dat
C:DOKUME~1ADMINI~1LOKALE~1Temptmp194abd60.bat
.PIPElsarpc
C:Dokumente und EinstellungenAdministratorAnwendungsdatenApugoggy.dat
C:DOKUME~1ADMINI~1LOKALE~1Temptmp80375d00yourbot.exe
.PIPElsarpc
C:DOKUME~1ADMINI~1LOKALE~1Temptmp80375d00yourbot.exe
C:Dokumente und EinstellungenAdministratorAnwendungsdatenApugoggy.dat
C:WINDOWSAppPatchsysmain.sdb
C:WINDOWSAppPatchsystest.sdb
DeviceNamedPipeShimViewer
C:WINDOWSsystem32
C:DOKUME~1ADMINI~1LOKALE~1Temptmp90e7c95c.bat
.PIPElsarpc
C:Dokumente und EinstellungenAdministratorAnwendungsdatenApugoggy.dat
C:DOKUME~1ADMINI~1LOKALE~1Temptmpbef4f03fyourbot.exe
.PIPElsarpc
C:DOKUME~1ADMINI~1LOKALE~1Temptmpbef4f03fyourbot.exe
Deleted Files C:Dokumente und EinstellungenAdministratorCookiesadministrator@adfarm1.adition[1].txt
C:Dokumente und EinstellungenAdministratorCookiesadministrator@adsfac[2].txt
C:Dokumente und EinstellungenAdministratorCookiesadministrator@doubleclick[2].txt
C:Dokumente und EinstellungenAdministratorCookiesadministrator@ebay[1].txt
C:Dokumente und EinstellungenAdministratorCookiesadministrator@gmads[1].txt
C:Dokumente und EinstellungenAdministratorCookiesadministrator@gmx[1].txt
C:Dokumente und EinstellungenAdministratorCookiesadministrator@google[1].txt
C:Dokumente und EinstellungenAdministratorCookiesadministrator@google[3].txt
C:Dokumente und EinstellungenAdministratorCookiesadministrator@google[4].txt
C:Dokumente und EinstellungenAdministratorCookiesadministrator@google[5].txt
C:Dokumente und EinstellungenAdministratorCookiesadministrator@heise[1].txt
C:Dokumente und EinstellungenAdministratorCookiesadministrator@ivwbox[2].txt
C:Dokumente und EinstellungenAdministratorCookiesadministrator@mail.google[1].txt
C:Dokumente und EinstellungenAdministratorCookiesadministrator@met.vgwort[1].txt
C:Dokumente und EinstellungenAdministratorCookiesadministrator@quality-channel[2].txt
C:Dokumente und EinstellungenAdministratorCookiesadministrator@skype.tt.omtrdc[1].txt
C:Dokumente und EinstellungenAdministratorCookiesadministrator@skype[1].txt
C:Dokumente und EinstellungenAdministratorCookiesadministrator@uimserv[2].txt
C:Dokumente und EinstellungenAdministratorCookiesadministrator@www.gmx[2].txt
C:Dokumente und EinstellungenAdministratorCookiesadministrator@www.google[2].txt
C:Dokumente und EinstellungenAdministratorCookiesadministrator@www.heise[1].txt
C:Dokumente und EinstellungenAdministratorCookiesadministrator@www.spiegel[1].txt
C:Dokumente und EinstellungenAdministratorAnwendungsdatenApugoggy.tmp
c:yourbot.exe
C:DOKUME~1ADMINI~1LOKALE~1Temptmp80375d00yourbot.exe
Chronological Order Find File:
Open File: c:yourbot.exe (OPEN_EXISTING)
Open File: .PIPElsarpc (OPEN_EXISTING)
Open File: c:yourbot.exe (OPEN_EXISTING)
Get File Attributes: C:Dokumente und EinstellungenAdministratorAnwendungsdaten Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:Dokumente und EinstellungenAdministratorAnwendungsdatenSauxbi Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:Dokumente und EinstellungenAdministratorAnwendungsdatenSauxbigiap.exe Flags: (SECURITY_ANONYMOUS)
Create File: C:Dokumente und EinstellungenAdministratorAnwendungsdatenSauxbigiap.exe
Get File Attributes: C:Dokumente und EinstellungenAdministratorAnwendungsdatenApug Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:Dokumente und EinstellungenAdministratorAnwendungsdatenApugoggy.upm Flags: (SECURITY_ANONYMOUS)
Create File: C:Dokumente und EinstellungenAdministratorAnwendungsdatenApugoggy.upm
Set File Attributes: C:Dokumente und EinstellungenAdministratorAnwendungsdatenSauxbigiap.exe Flags: (FILE_ATTRIBUTE_ARCHIVE SECURITY_ANONYMOUS)
Create File: C:Dokumente und EinstellungenAdministratorAnwendungsdatenSauxbigiap.exe
Open File: C:Dokumente und EinstellungenAdministratorAnwendungsdaten (OPEN_EXISTING)
Open File: C:Dokumente und EinstellungenAdministratorAnwendungsdatenSauxbigiap.exe (OPEN_EXISTING)
Set File Time: C:Dokumente und EinstellungenAdministratorAnwendungsdatenSauxbigiap.exe
Open File: C:Dokumente und EinstellungenAdministratorAnwendungsdatenSauxbi (OPEN_EXISTING)
Open File: C:Dokumente und EinstellungenAdministratorAnwendungsdatenApugoggy.upm (OPEN_EXISTING)
Set File Time: C:Dokumente und EinstellungenAdministratorAnwendungsdatenApugoggy.upm
Open File: C:Dokumente und EinstellungenAdministratorAnwendungsdatenApug (OPEN_EXISTING)
Open File: C:WINDOWSAppPatchsysmain.sdb (OPEN_EXISTING)
Open File: C:WINDOWSAppPatchsystest.sdb (OPEN_EXISTING)
Open File: DeviceNamedPipeShimViewer (OPEN_EXISTING)
Open File: C:Dokumente und EinstellungenAdministratorAnwendungsdatenSauxbi ()
Find File: C:Dokumente und EinstellungenAdministratorAnwendungsdatenSauxbigiap.exe
Open File: C:Dokumente und EinstellungenAdministratorAnwendungsdatenApugoggy.dat (OPEN_EXISTING)
Create File: C:DOKUME~1ADMINI~1LOKALE~1Temptmp194abd60.bat
Open File: C:WINDOWSsystem32 ()
Find File: C:WINDOWSsystem32cmd.exe
Find File:
Open File: C:Dokumente und EinstellungenAdministratorAnwendungsdatenSauxbigiap.exe (OPEN_EXISTING)
Open File: .PIPElsarpc (OPEN_EXISTING)
Open File: C:Dokumente und EinstellungenAdministratorAnwendungsdatenSauxbigiap.exe (OPEN_EXISTING)
Open File: .PIPElsarpc (OPEN_EXISTING)
Open File: C:Dokumente und EinstellungenAdministratorAnwendungsdatenApugoggy.dat (OPEN_EXISTING)
Get File Attributes: C:Dokumente und EinstellungenAdministratorAnwendungsdatenApugoggy.tmp Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:Dokumente und EinstellungenAdministratorAnwendungsdatenApugoggy.upm Flags: (SECURITY_ANONYMOUS)
Open File: C:Dokumente und EinstellungenAdministratorAnwendungsdatenApugoggy.upm (OPEN_EXISTING)
Move File: C:Dokumente und EinstellungenAdministratorAnwendungsdatenApugoggy.upm to C:Dokumente und EinstellungenAdministratorAnwendungsdatenApugoggy.tmp
Find File: C:Dokumente und EinstellungenAdministratorCookies*
Open File: C:Dokumente und EinstellungenAdministratorCookiesadministrator@adfarm1.adition[1].txt (OPEN_EXISTING)
Open File: C:Dokumente und EinstellungenAdministratorCookiesadministrator@adsfac[2].txt (OPEN_EXISTING)
Open File: C:Dokumente und EinstellungenAdministratorCookiesadministrator@doubleclick[2].txt (OPEN_EXISTING)
Open File: C:Dokumente und EinstellungenAdministratorCookiesadministrator@ebay[1].txt (OPEN_EXISTING)
Open File: C:Dokumente und EinstellungenAdministratorCookiesadministrator@gmads[1].txt (OPEN_EXISTING)
Open File: C:Dokumente und EinstellungenAdministratorCookiesadministrator@gmx[1].txt (OPEN_EXISTING)
Open File: C:Dokumente und EinstellungenAdministratorCookiesadministrator@google[1].txt (OPEN_EXISTING)
Open File: C:Dokumente und EinstellungenAdministratorCookiesadministrator@google[3].txt (OPEN_EXISTING)
Open File: C:Dokumente und EinstellungenAdministratorCookiesadministrator@google[4].txt (OPEN_EXISTING)
Open File: C:Dokumente und EinstellungenAdministratorCookiesadministrator@google[5].txt (OPEN_EXISTING)
Get File Attributes: c:cwsandboxcwsandbox.exe Flags: (SECURITY_ANONYMOUS)
Open File: C:Dokumente und EinstellungenAdministratorCookiesadministrator@heise[1].txt (OPEN_EXISTING)
Open File: C:Dokumente und EinstellungenAdministratorCookiesadministrator@ivwbox[2].txt (OPEN_EXISTING)
Open File: C:Dokumente und EinstellungenAdministratorCookiesadministrator@mail.google[1].txt (OPEN_EXISTING)
Open File: C:Dokumente und EinstellungenAdministratorCookiesadministrator@met.vgwort[1].txt (OPEN_EXISTING)
Open File: C:Dokumente und EinstellungenAdministratorCookiesadministrator@quality-channel[2].txt (OPEN_EXISTING)
Open File: C:Dokumente und EinstellungenAdministratorCookiesadministrator@skype.tt.omtrdc[1].txt (OPEN_EXISTING)
Open File: C:Dokumente und EinstellungenAdministratorCookiesadministrator@skype[1].txt (OPEN_EXISTING)
Open File: C:Dokumente und EinstellungenAdministratorCookiesadministrator@uimserv[2].txt (OPEN_EXISTING)
Open File: C:Dokumente und EinstellungenAdministratorCookiesadministrator@www.gmx[2].txt (OPEN_EXISTING)
Open File: C:Dokumente und EinstellungenAdministratorCookiesadministrator@www.google[2].txt (OPEN_EXISTING)
Open File: C:Dokumente und EinstellungenAdministratorCookiesadministrator@www.heise[1].txt (OPEN_EXISTING)
Open File: C:Dokumente und EinstellungenAdministratorCookiesadministrator@www.spiegel[1].txt (OPEN_EXISTING)
Find File: C:Dokumente und EinstellungenAdministratorCookiesLow*
Get File Attributes: C:Dokumente und Einstellungen Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:Dokumente und EinstellungenAdministrator Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:Dokumente und EinstellungenAdministratorAnwendungsdaten Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:Dokumente und EinstellungenAdministratorAnwendungsdatenApug Flags: (SECURITY_ANONYMOUS)
Create/Open File: C:Dokumente und EinstellungenAdministratorAnwendungsdatenApugoggy.upm (OPEN_ALWAYS)
Set File Attributes: C:Dokumente und EinstellungenAdministratorCookiesadministrator@adfarm1.adition[1].txt Flags: (FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS)
Delete File: C:Dokumente und EinstellungenAdministratorCookiesadministrator@adfarm1.adition[1].txt
Set File Attributes: C:Dokumente und EinstellungenAdministratorCookiesadministrator@adsfac[2].txt Flags: (FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS)
Delete File: C:Dokumente und EinstellungenAdministratorCookiesadministrator@adsfac[2].txt
Set File Attributes: C:Dokumente und EinstellungenAdministratorCookiesadministrator@doubleclick[2].txt Flags: (FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS)
Delete File: C:Dokumente und EinstellungenAdministratorCookiesadministrator@doubleclick[2].txt
Set File Attributes: C:Dokumente und EinstellungenAdministratorCookiesadministrator@ebay[1].txt Flags: (FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS)
Delete File: C:Dokumente und EinstellungenAdministratorCookiesadministrator@ebay[1].txt
Set File Attributes: C:Dokumente und EinstellungenAdministratorCookiesadministrator@gmads[1].txt Flags: (FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS)
Delete File: C:Dokumente und EinstellungenAdministratorCookiesadministrator@gmads[1].txt
Set File Attributes: C:Dokumente und EinstellungenAdministratorCookiesadministrator@gmx[1].txt Flags: (FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS)
Delete File: C:Dokumente und EinstellungenAdministratorCookiesadministrator@gmx[1].txt
Set File Attributes: C:Dokumente und EinstellungenAdministratorCookiesadministrator@google[1].txt Flags: (FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS)
Delete File: C:Dokumente und EinstellungenAdministratorCookiesadministrator@google[1].txt
Set File Attributes: C:Dokumente und EinstellungenAdministratorCookiesadministrator@google[3].txt Flags: (FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS)
Delete File: C:Dokumente und EinstellungenAdministratorCookiesadministrator@google[3].txt
Set File Attributes: C:Dokumente und EinstellungenAdministratorCookiesadministrator@google[4].txt Flags: (FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS)
Delete File: C:Dokumente und EinstellungenAdministratorCookiesadministrator@google[4].txt
Set File Attributes: C:Dokumente und EinstellungenAdministratorCookiesadministrator@google[5].txt Flags: (FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS)
Delete File: C:Dokumente und EinstellungenAdministratorCookiesadministrator@google[5].txt
Set File Attributes: C:Dokumente und EinstellungenAdministratorCookiesadministrator@heise[1].txt Flags: (FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS)
Delete File: C:Dokumente und EinstellungenAdministratorCookiesadministrator@heise[1].txt
Set File Attributes: C:Dokumente und EinstellungenAdministratorCookiesadministrator@ivwbox[2].txt Flags: (FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS)
Delete File: C:Dokumente und EinstellungenAdministratorCookiesadministrator@ivwbox[2].txt
Set File Attributes: C:Dokumente und EinstellungenAdministratorCookiesadministrator@mail.google[1].txt Flags: (FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS)
Delete File: C:Dokumente und EinstellungenAdministratorCookiesadministrator@mail.google[1].txt
Set File Attributes: C:Dokumente und EinstellungenAdministratorCookiesadministrator@met.vgwort[1].txt Flags: (FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS)
Delete File: C:Dokumente und EinstellungenAdministratorCookiesadministrator@met.vgwort[1].txt
Set File Attributes: C:Dokumente und EinstellungenAdministratorCookiesadministrator@quality-channel[2].txt Flags: (FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS)
Delete File: C:Dokumente und EinstellungenAdministratorCookiesadministrator@quality-channel[2].txt
Set File Attributes: C:Dokumente und EinstellungenAdministratorCookiesadministrator@skype.tt.omtrdc[1].txt Flags: (FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS)
Delete File: C:Dokumente und EinstellungenAdministratorCookiesadministrator@skype.tt.omtrdc[1].txt
Set File Attributes: C:Dokumente und EinstellungenAdministratorCookiesadministrator@skype[1].txt Flags: (FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS)
Delete File: C:Dokumente und EinstellungenAdministratorCookiesadministrator@skype[1].txt
Set File Attributes: C:Dokumente und EinstellungenAdministratorCookiesadministrator@uimserv[2].txt Flags: (FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS)
Delete File: C:Dokumente und EinstellungenAdministratorCookiesadministrator@uimserv[2].txt
Set File Attributes: C:Dokumente und EinstellungenAdministratorCookiesadministrator@www.gmx[2].txt Flags: (FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS)
Delete File: C:Dokumente und EinstellungenAdministratorCookiesadministrator@www.gmx[2].txt
Set File Attributes: C:Dokumente und EinstellungenAdministratorCookiesadministrator@www.google[2].txt Flags: (FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS)
Delete File: C:Dokumente und EinstellungenAdministratorCookiesadministrator@www.google[2].txt
Set File Attributes: C:Dokumente und EinstellungenAdministratorCookiesadministrator@www.heise[1].txt Flags: (FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS)
Delete File: C:Dokumente und EinstellungenAdministratorCookiesadministrator@www.heise[1].txt
Set File Attributes: C:Dokumente und EinstellungenAdministratorCookiesadministrator@www.spiegel[1].txt Flags: (FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS)
Delete File: C:Dokumente und EinstellungenAdministratorCookiesadministrator@www.spiegel[1].txt
Get File Attributes: c:autoexec.bat Flags: (SECURITY_ANONYMOUS)
Open File: c:autoexec.bat (OPEN_EXISTING)
Find File: C:Dokumente und EinstellungenAdministratorAnwendungsdatenMicrosoftSystemCertificatesMyCertificates*
Find File: C:Dokumente und EinstellungenAdministratorAnwendungsdatenMicrosoftSystemCertificatesMyCRLs*
Find File: C:Dokumente und EinstellungenAdministratorAnwendungsdatenMicrosoftSystemCertificatesMyCTLs*
Find File: C:Dokumente und EinstellungenAll UsersAnwendungsdaten*
Find File: C:Dokumente und EinstellungenAdministratorAnwendungsdaten*
Find File: C:Programme*
Find File: C:WINDOWS*
Find File: C:*
Create/Open File: DeviceRasAcd (OPEN_ALWAYS)
Open File: C:Dokumente und EinstellungenAdministratorAnwendungsdatenApugoggy.tmp (OPEN_EXISTING)
Create/Open File: C:Dokumente und EinstellungenAdministratorAnwendungsdatenApugoggy.tmp (OPEN_ALWAYS)
Set File Attributes: C:Dokumente und EinstellungenAdministratorAnwendungsdatenApugoggy.tmp Flags: (FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS)
Delete File: C:Dokumente und EinstellungenAdministratorAnwendungsdatenApugoggy.tmp
Create File: C:DOKUME~1ADMINI~1LOKALE~1Temptmp80375d00yourbot.exe
Get File Attributes: C:DOKUME~1ADMINI~1LOKALE~1Temptmp80375d00yourbot.exe Flags: (SECURITY_ANONYMOUS)
Open File: C:ProgrammeWindows Desktop SearchMSNLNamespaceMgr.dll (OPEN_EXISTING)
Get File Attributes: C:DOKUME~1ADMINI~1LOKALE~1Temptmp80375d00yourbot.exe:Zone.Identifier Flags: (SECURITY_ANONYMOUS)
Open File: C:WINDOWSAppPatchsysmain.sdb (OPEN_EXISTING)
Open File: C:WINDOWSAppPatchsystest.sdb (OPEN_EXISTING)
Open File: DeviceNamedPipeShimViewer (OPEN_EXISTING)
Open File: C:DOKUME~1ADMINI~1LOKALE~1Temptmp80375d00 ()
Find File: C:DOKUME~1ADMINI~1LOKALE~1Temptmp80375d00yourbot.exe
Create File: C:DOKUME~1ADMINI~1LOKALE~1Temptmpbef4f03fyourbot.exe
Get File Attributes: C:DOKUME~1ADMINI~1LOKALE~1Temptmpbef4f03fyourbot.exe Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:DOKUME~1ADMINI~1LOKALE~1Temptmpbef4f03fyourbot.exe:Zone.Identifier Flags: (SECURITY_ANONYMOUS)
Open File: C:DOKUME~1ADMINI~1LOKALE~1Temptmpbef4f03f ()
Find File: C:DOKUME~1ADMINI~1LOKALE~1Temptmpbef4f03fyourbot.exe
Create File: C:DOKUME~1ADMINI~1LOKALE~1Temptmp41b3f7e6yourbot.exe
Get File Attributes: C:DOKUME~1ADMINI~1LOKALE~1Temptmp41b3f7e6yourbot.exe Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:DOKUME~1ADMINI~1LOKALE~1Temptmp41b3f7e6yourbot.exe:Zone.Identifier Flags: (SECURITY_ANONYMOUS)
Open File: C:DOKUME~1ADMINI~1LOKALE~1Temptmp41b3f7e6 ()
Find File: C:DOKUME~1ADMINI~1LOKALE~1Temptmp41b3f7e6yourbot.exe
Open File: .PIPElsarpc (OPEN_EXISTING)
Open File: C:Dokumente und EinstellungenAdministratorAnwendungsdatenApugoggy.dat (OPEN_EXISTING)
Open File: .PIPElsarpc (OPEN_EXISTING)
Open File: C:Dokumente und EinstellungenAdministratorAnwendungsdatenApugoggy.dat (OPEN_EXISTING)
Get File Attributes: C: Flags: (SECURITY_ANONYMOUS)
Find File: C:
Find File: C:DOKUME~1ADMINI~1LOKALE~1Temptmp194abd60.bat
Open File: C:DOKUME~1ADMINI~1LOKALE~1Temptmp194abd60.bat (OPEN_EXISTING)
Get File Attributes: c:yourbot.exe Flags: (SECURITY_ANONYMOUS)
Get File Attributes: c: Flags: (SECURITY_ANONYMOUS)
Find File: c:yourbot.exe
Delete File: c:yourbot.exe
Open File: .PIPElsarpc (OPEN_EXISTING)
Open File: C:Dokumente und EinstellungenAdministratorAnwendungsdatenApugoggy.dat (OPEN_EXISTING)
Find File:
Open File: C:DOKUME~1ADMINI~1LOKALE~1Temptmp80375d00yourbot.exe (OPEN_EXISTING)
Open File: .PIPElsarpc (OPEN_EXISTING)
Open File: C:DOKUME~1ADMINI~1LOKALE~1Temptmp80375d00yourbot.exe (OPEN_EXISTING)
Open File: C:Dokumente und EinstellungenAdministratorAnwendungsdatenApugoggy.dat (OPEN_EXISTING)
Create File: C:DOKUME~1ADMINI~1LOKALE~1Temptmp90e7c95c.bat
Open File: C:WINDOWSAppPatchsysmain.sdb (OPEN_EXISTING)
Open File: C:WINDOWSAppPatchsystest.sdb (OPEN_EXISTING)
Open File: DeviceNamedPipeShimViewer (OPEN_EXISTING)
Open File: C:WINDOWSsystem32 ()
Find File: C:WINDOWSsystem32cmd.exe
Get File Attributes: C:Dokumente und EinstellungenAdministrator Flags: (SECURITY_ANONYMOUS)
Find File: C:Dokumente und Einstellungen
Find File: C:Dokumente und EinstellungenAdministrator
Find File: C:DOKUME~1ADMINI~1LOKALE~1Temptmp90e7c95c.bat
Open File: C:DOKUME~1ADMINI~1LOKALE~1Temptmp90e7c95c.bat (OPEN_EXISTING)
Get File Attributes: C:DOKUME~1ADMINI~1LOKALE~1Temptmp80375d00yourbot.exe Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:DOKUME~1ADMINI~1LOKALE~1Temptmp80375d00 Flags: (SECURITY_ANONYMOUS)
Find File: C:DOKUME~1ADMINI~1LOKALE~1Temptmp80375d00yourbot.exe
Delete File: C:DOKUME~1ADMINI~1LOKALE~1Temptmp80375d00yourbot.exe
Open File: .PIPElsarpc (OPEN_EXISTING)
Open File: C:Dokumente und EinstellungenAdministratorAnwendungsdatenApugoggy.dat (OPEN_EXISTING)
Find File:
Open File: C:DOKUME~1ADMINI~1LOKALE~1Temptmpbef4f03fyourbot.exe (OPEN_EXISTING)
Open File: .PIPElsarpc (OPEN_EXISTING)
Open File: C:DOKUME~1ADMINI~1LOKALE~1Temptmpbef4f03fyourbot.exe (OPEN_EXISTING)

infos about hoster:
http://whois.domaintools.com/76.10.214.62

Categories: Uncategorized