Technical Information (behaviour listing: process command lines, file paths, file moves as "from … to …", and a window class lookup; the original section headings separating these groups are not preserved here)
- Windows Task Manager (Taskmgr)
- '%CommonProgramFiles%\InstallShield\Engine\6\Intel 32\IKernel.exe' 32\IKernel.exe -Embedding
- '%CommonProgramFiles%\InstallShield\Engine\6\Intel 32\IKernel.exe' -RegServer
- '%TEMP%\pftB~tmp\Disk1\Setup.exe'
- '%TEMP%\{b6f7dbe7-2fe2-458f-a738-b10832746036}\pidgent.exe' "R2D433DHG9DQ79WW3DXQ929DY" "55901" "C46-00007" "MSFT" 0
- '%CommonProgramFiles%\InstallShield\Engine\6\Intel 32\IKernel.exe' /REGSERVER
- '<SYSTEM32>\wscript.exe' "%ProgramFiles%\Microsoft\MSreaderSetup\setup.vbs"
- '<SYSTEM32>\wscript.exe' "%ProgramFiles%\Microsoft\MSreaderSetup\settings.vbs"
- '%ProgramFiles%\Microsoft\MSreaderSetup\installing.exe'
- '%WINDIR%\Installer\MSI8.tmp' "%ProgramFiles%\Microsoft\MSreaderSetup\installing.exe"
- '<SYSTEM32>\wscript.exe' "%ProgramFiles%\Microsoft\MSreaderSetup\config.vbs"
- '%ProgramFiles%\Microsoft\MSreaderSetup\MSreader.exe'
- '%ProgramFiles%\Microsoft\MSreaderSetup\installer.exe'
- '<SYSTEM32>\wscript.exe' "%HOMEPATH%\Microsoft Controller\Microsoft Controller.vbs"
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
- '<SYSTEM32>\msiexec.exe' -Embedding B15946D9DBC04DA0713F039FAD20D0DC
- '<SYSTEM32>\msiexec.exe' /i "%APPDATA%\Microsoft\MSreaderSetup 2.4.2\install\setup.msi" AI_SETUPEXEPATH="<Full path to file>" SETUPEXEDIR="<Current directory>\" EXE_CMD_LINE="/exenoupdates /exelang 0 /noprereqs "
- '<SYSTEM32>\msiexec.exe' /V
- %ProgramFiles%\Microsoft\MSreaderSetup\ProgramFiles64Folder\Microsoft Reader\CC Cashout Method 1 - Unknown.lit
- %ProgramFiles%\Microsoft\MSreaderSetup\ProgramFiles64Folder\Microsoft Reader\CVV to Paypal v1.1 - Unknown.lit
- %ProgramFiles%\Microsoft Reader\Western Union BIN Exploit PS400 a Day 20 - Unknown.lit
- %ProgramFiles%\Microsoft\MSreaderSetup\ProgramFiles64Folder\Microsoft Reader\Easy PP CVV Cashout - Unknown.lit
- %WINDIR%\Installer\23533.msi
- %TEMP%\~DF48A.tmp
- %ProgramFiles%\Microsoft\MSreaderSetup\ProgramFiles64Folder\Microsoft Reader\PP or CC To BTC Cashout 2015 - Unknown.lit
- %ProgramFiles%\Microsoft\MSreaderSetup\ProgramFiles64Folder\Microsoft Reader\Western Union BIN Exploit PS400 a Day 20 - Unknown.lit
- %ProgramFiles%\Microsoft\MSreaderSetup\installingCom.exe
- %ProgramFiles%\Microsoft\MSreaderSetup\installing.exe
- %WINDIR%\Installer\MSI6.tmp
- %APPDATA%\Microsoft\MSreaderSetup 2.4.2\install\disk1.cab
- %ProgramFiles%\Microsoft Reader\Easy PP CVV Cashout - Unknown.lit
- %ProgramFiles%\Microsoft Reader\PP or CC To BTC Cashout 2015 - Unknown.lit
- %ProgramFiles%\Microsoft Reader\CC Cashout Method 1 - Unknown.lit
- %ProgramFiles%\Microsoft Reader\CVV to Paypal v1.1 - Unknown.lit
- %WINDIR%\Installer\MSI8.tmp
- %TEMP%\e054.rra
- %CommonProgramFiles%\InstallShield\Engine\6\Intel 32\coreec0c.rra
- %CommonProgramFiles%\InstallShield\Engine\6\Intel 32\temp.000
- %HOMEPATH%\Microsoft Controller\Microsoft Controller.vbs
- %CommonProgramFiles%\InstallShield\Engine\6\Intel 32\iuseef96.rra
- %CommonProgramFiles%\InstallShield\IScript\iscrf41a.rra
- %CommonProgramFiles%\InstallShield\Engine\6\Intel 32\ctorec89.rra
- %CommonProgramFiles%\InstallShield\Engine\6\Intel 32\objeef19.rra
- %ProgramFiles%\Microsoft\MSreaderSetup\settings.vbs
- %ProgramFiles%\Microsoft\MSreaderSetup\config.vbs
- %ProgramFiles%\Microsoft\MSreaderSetup\installer.exe
- %ProgramFiles%\Microsoft\MSreaderSetup\MSreader.exe
- %TEMP%\plf9.tmp
- %TEMP%\IECC.tmp
- %ProgramFiles%\Microsoft\MSreaderSetup\setup.vbs
- %TEMP%\extA.tmp
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2052111302-484763869-725345543-1003
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_MACHINE_SECURITY
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_MACHINE_SOFTWARE
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2052111302-484763869-725345543-1003
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_.DEFAULT
- %TEMP%\218ed.msi
- %WINDIR%\Installer\2352f.msi
- %APPDATA%\Microsoft\MSreaderSetup 2.4.2\install\setup.msi
- %APPDATA%\Microsoft\MSreaderSetup 2.4.2\install\setup.x64.msi
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
- %WINDIR%\Installer\MSI1.tmp
- %WINDIR%\Installer\MSI2.tmp
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_MACHINE_SYSTEM
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\MAPPING2.MAP
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\OBJECTS.DATA
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\MAPPING.VER
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\MAPPING1.MAP
- %WINDIR%\Installer\MSI4.tmp
- C:\Config.Msi\23532.rbs
- %WINDIR%\Installer\MSI3.tmp
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\OBJECTS.MAP
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\domain.txt
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\$WinMgmt.CFG
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_MACHINE_SAM
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\ComDb.Dat
- %TEMP%\~DFA70C.tmp
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\INDEX.MAP
- %WINDIR%\Installer\23531.ipi
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\INDEX.BTR
- %ProgramFiles%\Microsoft\MSreaderSetup\config.vbs
- %TEMP%\IECC.tmp
- %TEMP%\extA.tmp
- %TEMP%\pftB~tmp\pftw1.pkg
- %ProgramFiles%\Microsoft\MSreaderSetup\setup.vbs
- %APPDATA%\Microsoft\MSreaderSetup 2.4.2\install\setup.x64.msi
- %APPDATA%\Microsoft\MSreaderSetup 2.4.2\install\disk1.cab
- %ProgramFiles%\Microsoft\MSreaderSetup\installer.exe
- %APPDATA%\Microsoft\MSreaderSetup 2.4.2\install\setup.msi
- %TEMP%\218ed.msi
- %WINDIR%\Installer\MSI4.tmp
- %WINDIR%\Installer\MSI6.tmp
- %WINDIR%\Installer\MSI1.tmp
- %WINDIR%\Installer\MSI2.tmp
- %WINDIR%\Installer\MSI3.tmp
- %WINDIR%\Installer\2352f.msi
- %WINDIR%\Installer\23531.ipi
- C:\Config.Msi\23532.rbs
- %WINDIR%\Installer\MSI8.tmp
- from %CommonProgramFiles%\InstallShield\Engine\6\Intel 32\objeef19.rra to %CommonProgramFiles%\InstallShield\Engine\6\Intel 32\objectps.dll
- from %CommonProgramFiles%\InstallShield\Engine\6\Intel 32\iuseef96.rra to %CommonProgramFiles%\InstallShield\Engine\6\Intel 32\iuser.dll
- from %CommonProgramFiles%\InstallShield\IScript\iscrf41a.rra to %CommonProgramFiles%\InstallShield\IScript\iscript.dll
- from %CommonProgramFiles%\InstallShield\Engine\6\Intel 32\temp.000 to %CommonProgramFiles%\InstallShield\Engine\6\Intel 32\IKernel.exe
- from %CommonProgramFiles%\InstallShield\Engine\6\Intel 32\coreec0c.rra to %CommonProgramFiles%\InstallShield\Engine\6\Intel 32\corecomp.ini
- from %CommonProgramFiles%\InstallShield\Engine\6\Intel 32\ctorec89.rra to %CommonProgramFiles%\InstallShield\Engine\6\Intel 32\ctor.dll
- ClassName: 'EDIT' WindowName: ''