Technical Information
To ensure autorun and distribution:
Substitutes the following executable system files:
- %WINDIR%\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll with %WINDIR%\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
- %WINDIR%\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll with %WINDIR%\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
- %WINDIR%\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll with %WINDIR%\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
- %WINDIR%\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll with %WINDIR%\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
- %WINDIR%\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll with %WINDIR%\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
- %WINDIR%\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll with %WINDIR%\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
- %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll with %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
- %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll with %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
- %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll with %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
- %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll with %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
- %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll with %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
- %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll with %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
- %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll with %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
- %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll with %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
- %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll with %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
- %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll with %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
- %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll with %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
- %WINDIR%\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll with %WINDIR%\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
- %WINDIR%\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll with %WINDIR%\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
- %WINDIR%\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll with %WINDIR%\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
Infects the following executable files:
- %WINDIR%\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
- %WINDIR%\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
- %WINDIR%\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
- %WINDIR%\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
- %WINDIR%\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
- %WINDIR%\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
- %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
- %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
- %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
- %WINDIR%\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
- %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
- %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
- %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
- %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
- %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
- %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
- %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
- %WINDIR%\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
- %CommonProgramFiles%\Microsoft Shared\VC\msdia90.dll
- %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
- %WINDIR%\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
Modifies file system:
Creates the following files:
- %TEMP%\is-OUMC8.tmp\<File name>.tmp
- C:\d2cc2cf2beeada6158a087\install.res.3082.dll
- C:\d2cc2cf2beeada6158a087\install.res.1031.dll
- C:\d2cc2cf2beeada6158a087\install.res.1028.dll
- C:\d2cc2cf2beeada6158a087\install.res.2052.dll
- C:\d2cc2cf2beeada6158a087\eula.1033.txt
- C:\d2cc2cf2beeada6158a087\install.res.1040.dll
- C:\d2cc2cf2beeada6158a087\install.res.1036.dll
- C:\d2cc2cf2beeada6158a087\eula.1042.txt
- C:\d2cc2cf2beeada6158a087\eula.1040.txt
- C:\d2cc2cf2beeada6158a087\eula.1036.txt
- C:\d2cc2cf2beeada6158a087\eula.3082.txt
- C:\d2cc2cf2beeada6158a087\eula.1031.txt
- C:\d2cc2cf2beeada6158a087\eula.1028.txt
- C:\d2cc2cf2beeada6158a087\eula.1041.txt
- C:\d2cc2cf2beeada6158a087\eula.1049.txt
- C:\d2cc2cf2beeada6158a087\install.res.1049.dll
- C:\d2cc2cf2beeada6158a087\install.res.1042.dll
- C:\d2cc2cf2beeada6158a087\globdata.ini
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\MSChart\1053\SPInstallerResources.dll
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\MSChart\1055\eula.rtf
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\MSChart\1055\SPInstallerResources.dll
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\MSChart\2052\eula.rtf
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\MSChart\2052\SPInstallerResources.dll
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\MSChart\2070\eula.rtf
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\MSChart\2070\SPInstallerResources.dll
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\MSChart\3082\eula.rtf
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\MSChart\3082\SPInstallerResources.dll
- C:\d2cc2cf2beeada6158a087\vc_red.cab
- C:\d2cc2cf2beeada6158a087\vc_red.msi
- C:\d2cc2cf2beeada6158a087\install.exe
- C:\d2cc2cf2beeada6158a087\install.res.1033.dll
- C:\d2cc2cf2beeada6158a087\eula.2052.txt
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\MSChart\1049\SPInstallerResources.dll
- C:\d2cc2cf2beeada6158a087\install.res.1041.dll
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\MSChart\1035\SPInstallerResources.dll
- C:\d2cc2cf2beeada6158a087\install.ini
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_MACHINE_SYSTEM
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_MACHINE_SAM
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\ComDb.Dat
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\domain.txt
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\$WinMgmt.CFG
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\INDEX.BTR
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\INDEX.MAP
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\MAPPING.VER
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\MAPPING1.MAP
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\MAPPING2.MAP
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\OBJECTS.DATA
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\OBJECTS.MAP
- <SYSTEM32>\DirectX\DX6.tmp\dxupdate.dll
- <SYSTEM32>\DirectX\DX6.tmp\dxupdate.inf
- <SYSTEM32>\DirectX\DX6.tmp\dxupdate.cif
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_MACHINE_SOFTWARE
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\MSChart\1049\eula.rtf
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\MSChart\1053\eula.rtf
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2052111302-484763869-725345543-1003
- C:\d2cc2cf2beeada6158a087\$shtdwn$.req
- %TEMP%\dd_vcredistUI093A.txt
- %TEMP%\dd_vcredistMSI093A.txt
- %WINDIR%\Installer\253c4.ipi
- %WINDIR%\Installer\MSI1.tmp
- %WINDIR%\Installer\MSI2.tmp
- C:\Config.Msi\253c5.rbs
- %TEMP%\VWL5.tmp
- %WINDIR%\Logs\DirectX.log
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2052111302-484763869-725345543-1003
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_.DEFAULT
- C:\d2cc2cf2beeada6158a087\vcredist.bmp
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\MSChart\1046\SPInstallerResources.dll
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\MSChart\1046\eula.rtf
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\MSChart\1045\SPInstallerResources.dll
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\DXRedistCutdown\Jun2010_d3dx9_43_x64.cab
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\DXRedistCutdown\Jun2010_d3dx9_43_x86.cab
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\DXRedistCutdown\Jun2010_XACT_x64.cab
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\DXRedistCutdown\Jun2010_XACT_x86.cab
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\DXRedistCutdown\Jun2010_XAudio_x64.cab
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\DXRedistCutdown\Jun2010_XAudio_x86.cab
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\MSChart\datavisualization_setupcore.cab
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\MSChart\DataVisualization_SetupCore.msi
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\MSChart\DHtmlHeader.html
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\MSChart\header.bmp
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\MSChart\LocalizedData.xml
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\MSChart\ParameterInfo.xml
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\MSChart\SPInstaller.exe
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\DXRedistCutdown\Jun2010_d3dx10_43_x86.cab
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\DXRedistCutdown\Jun2010_d3dcsx_43_x86.cab
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\DXRedistCutdown\Jun2010_d3dx11_43_x86.cab
- <SYSTEM32>\DirectX\DX6.tmp\dxdllreg_x86.inf
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\MSChart\SPInstallerEngine.dll
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\DXRedistCutdown\Jun2010_d3dcsx_43_x64.cab
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\vcredist_x86_vs2008sp1.exe
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\AMD\amdcpusetup.exe
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\Binaries\InstallData\eula.rtf
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\DXRedistCutdown\APR2007_xinput_x64.cab
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\DXRedistCutdown\APR2007_xinput_x86.cab
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\DXRedistCutdown\DSETUP.dll
- %TEMP%\is-TBJDF.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\DXRedistCutdown\dsetup32.dll
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\DXRedistCutdown\DXSETUP.exe
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\DXRedistCutdown\dxupdate.cab
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\DXRedistCutdown\Feb2010_X3DAudio_x64.cab
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\DXRedistCutdown\Feb2010_X3DAudio_x86.cab
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\DXRedistCutdown\Jun2010_D3DCompiler_43_x64.cab
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\DXRedistCutdown\Jun2010_D3DCompiler_43_x86.cab
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\DXRedistCutdown\dxdllreg_x86.cab
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\DXRedistCutdown\Jun2010_d3dx10_43_x64.cab
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_MACHINE_SECURITY
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\MSChart\SPInstallerUi.dll
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\MSChart\watermark.bmp
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\MSChart\1037\SPInstallerResources.dll
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\MSChart\1038\eula.rtf
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\MSChart\1038\SPInstallerResources.dll
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\MSChart\1040\eula.rtf
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\MSChart\1040\SPInstallerResources.dll
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\MSChart\1041\eula.rtf
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\MSChart\1041\SPInstallerResources.dll
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\MSChart\1042\eula.rtf
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\MSChart\1042\SPInstallerResources.dll
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\MSChart\1043\eula.rtf
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\MSChart\1043\SPInstallerResources.dll
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\MSChart\1044\eula.rtf
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\MSChart\1044\SPInstallerResources.dll
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\MSChart\1045\eula.rtf
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\MSChart\sqmapi.dll
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\MSChart\1037\eula.rtf
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\MSChart\UiInfo.xml
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\MSChart\1036\SPInstallerResources.dll
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\DXRedistCutdown\Jun2010_d3dx11_43_x64.cab
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\MSChart\1025\eula.rtf
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\MSChart\1025\SPInstallerResources.dll
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\MSChart\1028\eula.rtf
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\MSChart\1028\SPInstallerResources.dll
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\MSChart\1029\eula.rtf
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\MSChart\1029\SPInstallerResources.dll
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\MSChart\1030\eula.rtf
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\MSChart\1030\SPInstallerResources.dll
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\MSChart\1031\eula.rtf
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\MSChart\1031\SPInstallerResources.dll
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\MSChart\1032\eula.rtf
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\MSChart\1032\SPInstallerResources.dll
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\MSChart\1033\eula.rtf
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\MSChart\1033\SPInstallerResources.dll
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\MSChart\1035\eula.rtf
- %TEMP%\is-TBJDF.tmp\{app}\InstallFiles\MSChart\1036\eula.rtf
- <SYSTEM32>\DirectX\DX6.tmp\apr2007_xinput_x86.inf
Deletes the following files:
- %WINDIR%\Installer\MSI1.tmp
- C:\d2cc2cf2beeada6158a087\eula.1031.txt
- C:\d2cc2cf2beeada6158a087\eula.1028.txt
- C:\d2cc2cf2beeada6158a087\eula.2052.txt
- C:\d2cc2cf2beeada6158a087\globdata.ini
- C:\d2cc2cf2beeada6158a087\install.ini
- C:\d2cc2cf2beeada6158a087\vcredist.bmp
- C:\d2cc2cf2beeada6158a087\eula.3082.txt
- %TEMP%\VWL5.tmp
- C:\Config.Msi\253c5.rbs
- C:\Config.Msi\253ee.rbf
- C:\Config.Msi\253ed.rbf
- C:\Config.Msi\253ec.rbf
- C:\Config.Msi\253eb.rbf
- C:\Config.Msi\253ea.rbf
- %WINDIR%\Installer\253c4.ipi
- C:\d2cc2cf2beeada6158a087\install.res.3082.dll
- C:\d2cc2cf2beeada6158a087\vc_red.msi
- C:\d2cc2cf2beeada6158a087\eula.1049.txt
- C:\d2cc2cf2beeada6158a087\install.exe
- C:\d2cc2cf2beeada6158a087\install.res.1033.dll
- C:\d2cc2cf2beeada6158a087\install.res.1042.dll
- C:\d2cc2cf2beeada6158a087\install.res.1041.dll
- C:\d2cc2cf2beeada6158a087\install.res.1049.dll
- C:\d2cc2cf2beeada6158a087\install.res.1040.dll
- C:\Config.Msi\253e9.rbf
- C:\d2cc2cf2beeada6158a087\install.res.1036.dll
- C:\d2cc2cf2beeada6158a087\install.res.1031.dll
- C:\d2cc2cf2beeada6158a087\install.res.1028.dll
- C:\d2cc2cf2beeada6158a087\install.res.2052.dll
- C:\d2cc2cf2beeada6158a087\eula.1033.txt
- C:\d2cc2cf2beeada6158a087\eula.1042.txt
- C:\d2cc2cf2beeada6158a087\eula.1041.txt
- C:\d2cc2cf2beeada6158a087\eula.1036.txt
- C:\d2cc2cf2beeada6158a087\eula.1040.txt
- C:\Config.Msi\253e8.rbf
- C:\Config.Msi\253d6.rbf
- C:\Config.Msi\253d3.rbf
- C:\Config.Msi\253d2.rbf
- C:\Config.Msi\253d0.rbf
- C:\Config.Msi\253cf.rbf
- C:\Config.Msi\253ce.rbf
- C:\Config.Msi\253cd.rbf
- C:\Config.Msi\253d4.rbf
- C:\Config.Msi\253cc.rbf
- C:\Config.Msi\253ca.rbf
- C:\Config.Msi\253c9.rbf
- C:\Config.Msi\253c8.rbf
- C:\Config.Msi\253c7.rbf
- C:\Config.Msi\253c6.rbf
- %WINDIR%\Installer\MSI2.tmp
- C:\Config.Msi\253cb.rbf
- C:\Config.Msi\253de.rbf
- C:\Config.Msi\253e6.rbf
- C:\Config.Msi\253d7.rbf
- C:\Config.Msi\253e5.rbf
- C:\Config.Msi\253e4.rbf
- C:\Config.Msi\253e3.rbf
- C:\Config.Msi\253e2.rbf
- C:\Config.Msi\253e1.rbf
- C:\Config.Msi\253e0.rbf
- C:\Config.Msi\253e7.rbf
- C:\Config.Msi\253df.rbf
- C:\Config.Msi\253dd.rbf
- C:\Config.Msi\253dc.rbf
- C:\Config.Msi\253db.rbf
- C:\Config.Msi\253da.rbf
- C:\Config.Msi\253d9.rbf
- C:\Config.Msi\253d8.rbf
- C:\Config.Msi\253d5.rbf
- C:\d2cc2cf2beeada6158a087\vc_red.cab
Moves the following system files:
- from %WINDIR%\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll to C:\Config.Msi\253c6.rbf
- from %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll to C:\Config.Msi\253de.rbf
- from %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll to C:\Config.Msi\253df.rbf
- from %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll to C:\Config.Msi\253e0.rbf
- from %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll to C:\Config.Msi\253e1.rbf
- from %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll to C:\Config.Msi\253e2.rbf
- from %WINDIR%\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll to C:\Config.Msi\253e3.rbf
- from %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll to C:\Config.Msi\253dc.rbf
- from %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll to C:\Config.Msi\253dd.rbf
- from %WINDIR%\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll to C:\Config.Msi\253e4.rbf
- from %WINDIR%\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll to C:\Config.Msi\253e7.rbf
- from %WINDIR%\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll to C:\Config.Msi\253e8.rbf
- from %WINDIR%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_x-ww_9e7eb501\9.0.30729.4148.policy to C:\Config.Msi\253e9.rbf
- from %WINDIR%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_x-ww_b7353f75\9.0.30729.4148.policy to C:\Config.Msi\253ea.rbf
- from %WINDIR%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_x-ww_4ee8bb30\9.0.30729.4148.policy to C:\Config.Msi\253eb.rbf
- from %WINDIR%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_x-ww_b8438ace\9.0.30729.4148.policy to C:\Config.Msi\253ec.rbf
- from %WINDIR%\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll to C:\Config.Msi\253e5.rbf
- from %WINDIR%\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll to C:\Config.Msi\253e6.rbf
- from %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll to C:\Config.Msi\253db.rbf
- from %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll to C:\Config.Msi\253da.rbf
- from %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll to C:\Config.Msi\253d9.rbf
- from %WINDIR%\WinSxS\Manifests\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e.cat to C:\Config.Msi\253c8.rbf
- from %WINDIR%\WinSxS\Manifests\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53.cat to C:\Config.Msi\253c9.rbf
- from %WINDIR%\WinSxS\Manifests\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313.cat to C:\Config.Msi\253ca.rbf
- from %WINDIR%\WinSxS\Manifests\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa.cat to C:\Config.Msi\253cb.rbf
- from %WINDIR%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_x-ww_9e7eb501\9.0.30729.4148.cat to C:\Config.Msi\253cc.rbf
- from %WINDIR%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_x-ww_b7353f75\9.0.30729.4148.cat to C:\Config.Msi\253cd.rbf
- from %WINDIR%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_x-ww_4ee8bb30\9.0.30729.4148.cat to C:\Config.Msi\253ce.rbf
- from %WINDIR%\WinSxS\Manifests\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2.cat to C:\Config.Msi\253c7.rbf
- from %WINDIR%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_x-ww_b8438ace\9.0.30729.4148.cat to C:\Config.Msi\253cf.rbf
- from %WINDIR%\WinSxS\Manifests\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2.manifest to C:\Config.Msi\253d2.rbf
- from %WINDIR%\WinSxS\Manifests\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e.manifest to C:\Config.Msi\253d3.rbf
- from %WINDIR%\WinSxS\Manifests\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53.manifest to C:\Config.Msi\253d4.rbf
- from %WINDIR%\WinSxS\Manifests\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313.manifest to C:\Config.Msi\253d5.rbf
- from %WINDIR%\WinSxS\Manifests\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa.manifest to C:\Config.Msi\253d6.rbf
- from %WINDIR%\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll to C:\Config.Msi\253d7.rbf
- from %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll to C:\Config.Msi\253d8.rbf
- from %WINDIR%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_x-ww_6ad67377\9.0.30729.4148.cat to C:\Config.Msi\253d0.rbf
- from %WINDIR%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_x-ww_6ad67377\9.0.30729.4148.policy to C:\Config.Msi\253ed.rbf
- from %WINDIR%\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll to C:\Config.Msi\253ee.rbf
Substitutes the following executable files:
- %CommonProgramFiles%\Microsoft Shared\VC\msdia90.dll
Network activity:
Connects to:
- 'wp#d':80
- '20#.#6.232.182':80
TCP:
HTTP GET requests:
- http://11#.#11.111.1/wpad.dat via wp#d
- http://crl.microsoft.com/pki/crl/products/CSPCA.crl via 20#.#6.232.182
UDP:
- DNS ASK wp#d
Miscellaneous:
Creates and executes the following:
- '%TEMP%\is-OUMC8.tmp\<File name>.tmp' /SL5="$30092,15997965,56832,<Full path to file>"
- '%TEMP%\is-TBJDF.tmp\{app}\InstallFiles\vcredist_x86_vs2008sp1.exe' /q
- 'C:\d2cc2cf2beeada6158a087\install.exe' /q
- '%TEMP%\is-TBJDF.tmp\{app}\InstallFiles\DXRedistCutdown\DXSETUP.exe' /silent
Executes the following:
- '<SYSTEM32>\msiexec.exe' /V
- '<SYSTEM32>\msiexec.exe' -Embedding 8EC920D0995CF1DDE9C0C119811CBBC0
