not-a-virus:AdWare.Win32.iBryte.jcr (Kaspersky), Win32.Sality.3 (B) (Emsisoft), Win32.Sality.3 (AdAware), Virus.Win32.Sality.FD, Virus.Win32.Sality.2.FD, VirusSality.YR, GenericAutorunWorm.YR, GenericInjector.YR (Lavasoft MAS)
Behaviour: Worm, Virus, Adware, WormAutorun
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 84270c03daadd6bea52ba797f5f647fe
SHA1: 8b80277b718da6498449354baba9b48916a3afe7
SHA256: 9c2d9302a0d09c45857fc763cf43b24629cae2c58a19af60c49abbb32a18ce76
SSDeep: 24576:Sabs2agxSL4x33q7d9EljaB4CNpk0 LRjiF4pOaCgi5CICjNJoVn:SGzHxSL4xK77EljaB4CNpk0 FuuOaCg0
Size: 1131816 bytes
File type: EXE
Platform: WIN32
Entropy: Probably Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2013-07-08 22:26:17
Analyzed on: WindowsXP SP3 32-bit
Summary: Worm. A program that is primarily replicating on networks or removable drives.
Dynamic Analysis
Payload
Behaviour | Description |
---|---|
WormAutorun | A worm can spread via removable drives. It writes its executable and creates "autorun.inf" scripts on all removable drives. The autorun script will execute the Worm's file once a user opens a drive's folder in Windows Explorer. |
Process activity
The Worm creates the following process(es):
%original file name%.exe:1736
The Worm injects its code into the following process(es):
%original file name%.exe:2140
Explorer.EXE:888
Mutexes
The following mutexes were created/opened:
No objects were found.
File activity
The process %original file name%.exe:2140 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\K9PL5V6Q\header_basicinstaller[1].jpg (2454 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\5JCZ44MH\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\header.jpg (1444 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tmp1.tmp (1843 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bottom.jpg (676 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\BOO0MMUA\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8F2IR377\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lock.temp (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\truste.jpg (196 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\K9PL5V6Q\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\side.jpg (196 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\5JCZ44MH\offer_expired[1].jpg (4950 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tmp2.tmp (4902 bytes)
The Worm deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\tmp2.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\header.jpg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tmp1.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bottom.jpg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\truste.jpg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\side.jpg (0 bytes)
The process %original file name%.exe:1736 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
%WinDir%\system.ini (70 bytes)
Registry activity
The process %original file name%.exe:2140 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1A 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "99 61 74 49 76 5A 6A 0D 20 7A 30 28 1B 45 67 BE"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
The Worm modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Worm modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Worm modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Worm deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process %original file name%.exe:1736 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Security Center]
"UacDisableNotify" = "1"
[HKCU\Software\Aas]
"a1_0" = "363132892"
[HKCU\Software\Aas\695404737]
"35845605" = "383"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"EnableLUA" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"GlobalUserOffline" = "0"
[HKCU\Software\Aas\695404737]
"50183847" = "26CEFB056C4C612B18DF8A4E39AD3E086BC14A679A0C16609597EAFA4EF436B86480FE516A315D6A51F28DA8CC0B11C7B9B304C866869787A103BDFE12342ED26176866CF93A99E8E0CDB62E08DCA2F8E5A923A228BAEAE68DD518B021F8E826E6A8FDBA0704B9328FCAEA4242FC6AF4104D60B896922EC0CEDBAF6F67E08E9F"
[HKCU\Software\Aas]
"a3_0" = "17001001"
[HKLM\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = "1"
[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"UpdatesDisableNotify" = "1"
[HKLM\SOFTWARE\Microsoft\Security Center]
"FirewallOverride" = "1"
[HKCU\Software\Aas\695404737]
"14338242" = "0"
"7169121" = "152"
[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"FirewallDisableNotify" = "1"
[HKCU\Software\Aas\695404737]
"21507363" = "0"
"28676484" = "35"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "15 71 BD 49 91 D8 47 D2 D8 1E 7D 7B 0B 79 53 4F"
[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"UacDisableNotify" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden" = "2"
[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"FirewallOverride" = "1"
[HKLM\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = "1"
[HKCU\Software\Aas]
"a2_0" = "8009"
[HKLM\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = "1"
[HKCU\Software\Aas]
"a4_0" = "0"
[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = "1"
Adds a rule to the Windows Firewall that allows any network activity:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\c:]
"%original file name%.exe" = "c:\%original file name%.exe:*:Enabled:ipsec"
Antivirus notifications are disabled:
[HKLM\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = "1"
Firewall notifications are disabled:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = "1"
Antivirus notifications are disabled:
[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusDisableNotify" = "1"
The firewall is disabled:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = "0"
Dropped PE files
MD5 | File path |
---|---|
1c1ea87018741b40ce59ef38413f3bf8 | c:\dlprfk.exe |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
A worm can spread via removable drives. It writes its executable and creates "autorun.inf" scripts on all removable drives. The autorun script will execute the Worm's file once a user opens a drive's folder in Windows Explorer.
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
%original file name%.exe:1736
- Delete the original Worm file.
- Delete or disinfect the following files created/modified by the Worm:
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\K9PL5V6Q\header_basicinstaller[1].jpg (2454 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\5JCZ44MH\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\header.jpg (1444 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tmp1.tmp (1843 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bottom.jpg (676 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\BOO0MMUA\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8F2IR377\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lock.temp (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\truste.jpg (196 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\K9PL5V6Q\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\side.jpg (196 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\5JCZ44MH\offer_expired[1].jpg (4950 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tmp2.tmp (4902 bytes)
%WinDir%\system.ini (70 bytes)
- Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Find and delete all copies of the worm's file together with "autorun.inf" scripts on removable drives.
- Reboot the computer.
Static Analysis
VersionInfo
No information is available.
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.text | 4096 | 108249 | 108544 | 4.57628 | a86fc2bf538baa7b21677cff46db8507 |
.rdata | 114688 | 15318 | 15360 | 3.73449 | 8c967fde6f1a1c1883021b4f09df413f |
.data | 131072 | 1809956 | 905216 | 4.66928 | a69393230e015e6399a865381f97f513 |
.rsrc | 1941504 | 98304 | 96768 | 5.23044 | 333698a7920490beb864e179803b42a6 |
Network Activity
URLs
URL | IP |
---|---|
hxxp://imp.oi-imp1.com/impression.do/?user_id=9d834e20-2187-459a-b448-f71e374113e7&event=admin_true&spsource=google_zoomdownloadmngr-display-us-728x90-23609154882&implementation_id=3.4.8&subid=software&subid2=www.livemixtapes.com&traffic_source=google_zoomdownloader&offer_id=downloadmanager | 54.243.208.150 |
hxxp://imp.oi-imp1.com/impression.do/?user_id=9d834e20-2187-459a-b448-f71e374113e7&event=guest&spsource=google_zoomdownloadmngr-display-us-728x90-23609154882&implementation_id=3.4.8&subid=software&subid2=www.livemixtapes.com&traffic_source=google_zoomdownloader&offer_id=downloadmanager | 54.243.208.150 |
hxxp://imp.oi-imp1.com/impression.do/?user_id=9d834e20-2187-459a-b448-f71e374113e7&event=setup_run&spsource=google_zoomdownloadmngr-display-us-728x90-23609154882&implementation_id=3.4.8&subid=software&subid2=www.livemixtapes.com&traffic_source=google_zoomdownloader&offer_id=downloadmanager | 54.243.208.150 |
hxxp://imp.oi-imp1.com/impression.do/?user_id=9d834e20-2187-459a-b448-f71e374113e7&event=dpi_1&spsource=google_zoomdownloadmngr-display-us-728x90-23609154882&implementation_id=3.4.8&subid=software&subid2=www.livemixtapes.com&traffic_source=google_zoomdownloader&offer_id=downloadmanager | 54.243.208.150 |
hxxp://config.oi-config1.com/config/downloadmanager/offers.json?version=3.4.8&pid=installer&ts=2013-07-10T18:37:14.7140762Z&cc=US&ro=1 | 50.17.210.69 |
hxxp://imp.oi-imp1.com/impression.do/?user_id=9d834e20-2187-459a-b448-f71e374113e7&event=json_installer_initialize_734&spsource=google_zoomdownloadmngr-display-us-728x90-23609154882&implementation_id=3.4.8&subid=software&subid2=www.livemixtapes.com&traffic_source=google_zoomdownloader&offer_id=downloadmanager | 54.243.208.150 |
hxxp://dm930xmxv1gqs.cloudfront.net/installerpackage/wisedownloads/muted/header_basicinstaller.jpg | 54.192.54.86 |
hxxp://dm930xmxv1gqs.cloudfront.net/bundles/OfferExpired/offer_expired.jpg | 54.192.54.86 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /impression.do/?user_id=9d834e20-2187-459a-b448-f71e374113e7&event=admin_true&spsource=google_zoomdownloadmngr-display-us-728x90-23609154882&implementation_id=3.4.8&subid=software&subid2=VVV.livemixtapes.com&traffic_source=google_zoomdownloader&offer_id=downloadmanager HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36
Host: imp.oi-imp1.com
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: image/png
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Wed, 10 Sep 2014 17:24:17 GMT
Connection: close
Content-Length: 109
GET /config/downloadmanager/offers.json?version=3.4.8&pid=installer&ts=2013-07-10T18:37:14.7140762Z&cc=US&ro=1 HTTP/1.1
User-Agent: 84270c03daadd6bea52ba797f5f647fe
Host: config.oi-config1.com
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Content-Length: 42530
Content-Type: application/json
Expires: -1
Server: Microsoft-IIS/7.5
Content-Disposition: attachment; filename=
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Wed, 10 Sep 2014 17:24:17 GMT
Connection: close
{.. "headers": [.. {.. "1": "hXXp://dm930xmxv1gqs.cloudfront.net/installerpackage/wisedownloads/muted/header_basicinstaller.jpg",.. "1.25": "hXXp://dm930xmxv1gqs.cloudfront.net/installerpackage/wisedownloads/muted/header_basicinstaller.jpg".. }.. ],.. "template": {.. "height": "500",.. "width": "680",.. "borderColor": "192,192,192",.. "style": "<style type=\"text/css\"> a, img {border:none;outline:none;}html, body{overflow: hidden;color: #333;margin: 0;padding: 0;font-family: Arial;}.clickthis{position: absolute;left: 25px;top: 0;bottom: 0;right: 0;cursor: pointer;}.express{overflow: auto;position: relative;width: 460px;height: 170px;margin-top: -5px;background: rgb(254, 254, 254);}a:hover, a:visited, a{color: #175891;text-decoration: none;border: 0;}#bottom-links{position: absolute;bottom: 40px;font-size: 8px;}#right-side{width:90% !important;height:95% !important;position: relative;margin: 0 0 0 10px;}#container{overflow: hidden;position: absolute;margin: 0;padding: 0;height: 80%;}input[type='checkbox']{margin-right: 10px;font-size: 8px;font-family: Arial, Helvetica, sans-serif;}h2, p, ol, ul, li{margin: 0px;padding: 0px;font-size: 12px;font-family: Arial, Helvetica, sans-serif;}ol, ul{padding: 3px 0 10px 22px;}li{padding: 0 0 4px 0;}hr{border: none;height: 1px;border-top: 1px dashed #999;}.expandable-panel{width: 440px;position: relative;overflow: hidden;margin-bottom: 5px;border: 1px solid rgb(232, 232, 232);}.expandable-panel-heading{clear: both;background-color: rgb(25
<<< skipped >>>
GET /impression.do/?user_id=9d834e20-2187-459a-b448-f71e374113e7&event=json_installer_initialize_734&spsource=google_zoomdownloadmngr-display-us-728x90-23609154882&implementation_id=3.4.8&subid=software&subid2=VVV.livemixtapes.com&traffic_source=google_zoomdownloader&offer_id=downloadmanager HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36
Host: imp.oi-imp1.com
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: image/png
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Wed, 10 Sep 2014 17:24:19 GMT
Connection: close
Content-Length: 109
GET /impression.do/?user_id=9d834e20-2187-459a-b448-f71e374113e7&event=guest&spsource=google_zoomdownloadmngr-display-us-728x90-23609154882&implementation_id=3.4.8&subid=software&subid2=VVV.livemixtapes.com&traffic_source=google_zoomdownloader&offer_id=downloadmanager HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36
Host: imp.oi-imp1.com
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: image/png
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Wed, 10 Sep 2014 17:24:17 GMT
Connection: close
Content-Length: 109
GET /impression.do/?user_id=9d834e20-2187-459a-b448-f71e374113e7&event=setup_run&spsource=google_zoomdownloadmngr-display-us-728x90-23609154882&implementation_id=3.4.8&subid=software&subid2=VVV.livemixtapes.com&traffic_source=google_zoomdownloader&offer_id=downloadmanager HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36
Host: imp.oi-imp1.com
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: image/png
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Wed, 10 Sep 2014 17:24:17 GMT
Connection: close
Content-Length: 109
GET /impression.do/?user_id=9d834e20-2187-459a-b448-f71e374113e7&event=dpi_1&spsource=google_zoomdownloadmngr-display-us-728x90-23609154882&implementation_id=3.4.8&subid=software&subid2=VVV.livemixtapes.com&traffic_source=google_zoomdownloader&offer_id=downloadmanager HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36
Host: imp.oi-imp1.com
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: image/png
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Wed, 10 Sep 2014 17:24:18 GMT
Connection: close
Content-Length: 109
GET /installerpackage/wisedownloads/muted/header_basicinstaller.jpg HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: dm930xmxv1gqs.cloudfront.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 5341
Connection: keep-alive
Cache-Control: public
Last-Modified: Tue, 09 Sep 2014 21:38:58 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 09 Sep 2014 21:38:58 GMT
Age: 71122
X-Cache: Hit from cloudfront
Via: 1.1 10f04dcf7fab39d9dda9e8c964cf4ae1.cloudfront.net (CloudFront)
X-Amz-Cf-Id: VgSx6p-mcyPvfeyomzHFdeYXKKrjuZDi_Z6WuLcYPrLpHKRLhn0WeA==
GET /bundles/OfferExpired/offer_expired.jpg HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: dm930xmxv1gqs.cloudfront.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 16938
Connection: keep-alive
Cache-Control: public
Last-Modified: Wed, 10 Sep 2014 03:19:14 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Wed, 10 Sep 2014 03:19:13 GMT
Age: 50706
X-Cache: Hit from cloudfront
Via: 1.1 10f04dcf7fab39d9dda9e8c964cf4ae1.cloudfront.net (CloudFront)
X-Amz-Cf-Id: iYNYFFlmEtDMQbFeajkqTdo7jfCJw3xdRoSJiwS8dtssgm7pLKd9gg==
Strings from Dumps
%original file name%.exe_2140:
v4&s6(r6#t5#t5%s6%s6%t5#t5%s6%s6%t5%t5%t5%t5%t5%t5%t5%t5%t5%t5%t5%t5%t5%s6(r82n>
1m=(r6#t5%s6*q95iA
1m=(r6#t5%s6*q95iA
W*(q9%t5%t5&s6(r6*q9'f4.m;,p;(r8%s6%t5%s6$s4%t5%t5%t5%t5%s6%s6%t5%t5%s6%s6%s6%s6#t5#t5&s6%s6#t5#t5(r6&s6
W*(q9%t5%t5&s6(r6*q9'f4.m;,p;(r8%s6%t5%s6$s4%t5%t5%t5%t5%s6%s6%t5%t5%s6%s6%s6%s6#t5#t5&s6%s6#t5#t5(r6&s6
>0}?2}?-~?-
>0}?2}?-~?-
>0}?0}?-
>0}?0}?-
>2|@0}?)
>2|@0}?)
8N
8N
(I.OyVn
(I.OyVn
123456789:;
123456789:;
%&'()* ,-./0
%&'()* ,-./0
4G4D4N4
4G4D4N4
55
55
4 4$4(4,4044484
4 4$4(4,4044484
7"7&7*7.737;7
7"7&7*7.737;7
: ;%;/;~;
: ;%;/;~;
6 6$6(6,6
6 6$6(6,6
? ?$?(?,?
? ?$?(?,?
: :(:0:<:>
: :(:0:<:>
0 0
0 0
accKeyboardShortcut
accKeyboardShortcut
mscoree.dll
mscoree.dll
ekernel32.dll
ekernel32.dll
KERNEL32.DLL
KERNEL32.DLL
dgoogle_zoomdownloadmngr-display-US-728x90-23609154882^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^d9d834e20-2187-459a-b448-f71e374113e7^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^d2013-07-10T18:37:14.7140762Z^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
dgoogle_zoomdownloadmngr-display-US-728x90-23609154882^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^d9d834e20-2187-459a-b448-f71e374113e7^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^d2013-07-10T18:37:14.7140762Z^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
hXXp://ec2-107-20-76-158.compute-1.amazonaws.com/ThankYou/downloadmanager?source=google_zoomdownloadmngr-display-US-728x90-23609154882&subid1=software&subid2=VVV.livemixtapes.com&userid=9d834e20-2187-459a-b448-f71e374113e7&reason=complete&earlypop^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
hXXp://ec2-107-20-76-158.compute-1.amazonaws.com/ThankYou/downloadmanager?source=google_zoomdownloadmngr-display-US-728x90-23609154882&subid1=software&subid2=VVV.livemixtapes.com&userid=9d834e20-2187-459a-b448-f71e374113e7&reason=complete&earlypop^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
hXXp://ec2-107-20-76-158.compute-1.amazonaws.com/ThankYou/downloadmanager?source=google_zoomdownloadmngr-display-US-728x90-23609154882&subid1=software&subid2=VVV.livemixtapes.com&userid=9d834e20-2187-459a-b448-f71e374113e7^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
hXXp://ec2-107-20-76-158.compute-1.amazonaws.com/ThankYou/downloadmanager?source=google_zoomdownloadmngr-display-US-728x90-23609154882&subid1=software&subid2=VVV.livemixtapes.com&userid=9d834e20-2187-459a-b448-f71e374113e7^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^dsoftware^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^dVVV.livemixtapes.com^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^dgoogle_zoomdownloader^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^dsoftware^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^dVVV.livemixtapes.com^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^dgoogle_zoomdownloader^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|get.zoomdownloader.com|Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^d^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|get.zoomdownloader.com|Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^d^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All Files (*.*)
All Files (*.*)
No error message is available.#Attempted an unsupported operation.$A required resource was unavailable.
No error message is available.#Attempted an unsupported operation.$A required resource was unavailable.
Command failed.)Insufficient memory to perform operation.PSystem registry entries have been removed and the INI file (if any) was deleted.BNot all of the system registry entries (or INI file) were removed.FThis program requires the file %s, which was not found on this system.tThis program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s.
Command failed.)Insufficient memory to perform operation.PSystem registry entries have been removed and the INI file (if any) was deleted.BNot all of the system registry entries (or INI file) were removed.FThis program requires the file %s, which was not found on this system.tThis program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s.
Destination disk drive is full.5Unable to read from %1, it is opened by someone else.AUnable to write to %1, it is read-only or opened by someone else.1Encountered an unexpected error while reading %1.1Encountered an unexpected error while writing %1.
Destination disk drive is full.5Unable to read from %1, it is opened by someone else.AUnable to write to %1, it is read-only or opened by someone else.1Encountered an unexpected error while reading %1.1Encountered an unexpected error while writing %1.
#Unable to load mail system support.
#Unable to load mail system support.
Setup.exe
Setup.exe
SetupManager.exe
SetupManager.exe
%original file name%.exe_2140_rwx_00400000_000F2000:
%original file name%.exe_2140_rwx_012B0000_00002000:
SHELL32.DLL
ShellExecuteA
KERNEL32.DLL
.rsrc
.text
Explorer.EXE_888_rwx_00FF0000_00002000:
SHELL32.DLL
ShellExecuteA
KERNEL32.DLL
.rsrc
.text
%original file name%.exe_2140_rwx_016C0000_00001000:
|%original file name%.exeM_2140_
Explorer.EXE_888_rwx_01FA0000_00001000:
|explorer.exeM_888_
Explorer.EXE_888_rwx_02110000_0108E000:
Software\Microsoft\Windows\ShellNoRoam\MUICache
Software\Microsoft\Windows\ShellNoRoam\MUICache
%s:*:Enabled:ipsec
%s:*:Enabled:ipsec
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
GdiPlus.dll
GdiPlus.dll
hXXp://
hXXp://
ipfltdrv.sys
ipfltdrv.sys
VVV.microsoft.com
VVV.microsoft.com
?%x=%d
?%x=%d
&%x=%d
&%x=%d
SYSTEM.INI
SYSTEM.INI
USER32.DLL
USER32.DLL
.%c%s
.%c%s
\\.\amsint32
\\.\amsint32
NTDLL.DLL
NTDLL.DLL
autorun.inf
autorun.inf
ADVAPI32.DLL
ADVAPI32.DLL
win%s.exe
win%s.exe
%s.exe
%s.exe
WININET.DLL
WININET.DLL
InternetOpenUrlA
InternetOpenUrlA
avast! Web Scanner
avast! Web Scanner
Avira AntiVir Premium WebGuard
Avira AntiVir Premium WebGuard
cmdGuard
cmdGuard
cmdAgent
cmdAgent
Eset HTTP Server
Eset HTTP Server
ProtoPort Firewall service
ProtoPort Firewall service
SpIDer FS Monitor for Windows NT
SpIDer FS Monitor for Windows NT
Symantec Password Validation
Symantec Password Validation
WebrootDesktopFirewallDataService
WebrootDesktopFirewallDataService
WebrootFirewall
WebrootFirewall
%d%d.tmp
%d%d.tmp
SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
%s\%s
%s\%s
%s\Software\Microsoft\Windows\CurrentVersion\Ext\Stats
%s\Software\Microsoft\Windows\CurrentVersion\Ext\Stats
Software\Microsoft\Windows\CurrentVersion\Ext\Stats
Software\Microsoft\Windows\CurrentVersion\Ext\Stats
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Explorer.exe
Explorer.exe
A2CMD.
A2CMD.
ASHWEBSV.
ASHWEBSV.
AVGCC.AVGCHSVX.
AVGCC.AVGCHSVX.
DRWEB
DRWEB
DWEBLLIO
DWEBLLIO
DWEBIO
DWEBIO
FSGUIEXE.
FSGUIEXE.
MCVSSHLD.
MCVSSHLD.
NPFMSG.
NPFMSG.
SYMSPORT.
SYMSPORT.
WEBSCANX.
WEBSCANX.
.adata
.adata
M_%d_
M_%d_
%c%d_%d
%c%d_%d
?456789:;
?456789:;
!"#$%&'()* ,-./0123
!"#$%&'()* ,-./0123
GetProcessHeap
GetProcessHeap
GetWindowsDirectoryA
GetWindowsDirectoryA
RegEnumKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegDeleteKeyA
RegOpenKeyExA
RegOpenKeyExA
RegCreateKeyA
RegCreateKeyA
RegCloseKey
RegCloseKey
SHFileOperationA
SHFileOperationA
&3&3&3&389
&3&3&3&389
.rdata
.rdata
.data
.data
Bkrnl.exe?
Bkrnl.exe?
= =$=(=,=
= =$=(=,=
322%2`.50728)
322%2`.50728)
.klkjw:9fqwi
.klkjw:9fqwi
FamXf39.sys
FamXf39.sys
.pBTa8
.pBTa8
%s:*:
%s:*:
Bg.laXV
Bg.laXV
&?%x=
&?%x=
GUrlA'
GUrlA'
Web%w|nc
Web%w|nc
HTTP)
HTTP)
2GUARDCMD.
2GUARDCMD.
.ENHCDM
.ENHCDM
PL/KPCKwWEB
PL/KPCKwWEB
MM.PFW.
MM.PFW.
.bssf
.bssf
J:CRT
J:CRT
ADVAPI32.dll
ADVAPI32.dll
MSVCRT.dll
MSVCRT.dll
SHELL32.dll
SHELL32.dll
WS2_32.dll
WS2_32.dll