ThreatExpert Report

Submission Summary:

Submission details:

Submission received: 2 February 2012, 15:27:19
Processing time: 11 min 59 sec
Submitted sample:

File MD5: 0x2FFAF0E364DF89C09730244014C0FDC3
File SHA-1: 0x4D8F18DCCFB160331942D2AD006D68DEF99BECA4
Filesize: 463,080 bytes
Packer info: packed with: UPX [Kaspersky Lab]

Summary of the findings:

What's been found	Severity Level
Capability to send out email message(s) with the built-in SMTP client engine.
Produces outbound traffic.
Downloads/requests other files from Internet.
Registers a 32-bit in-process server DLL.
Registers a Browser Helper Object (Microsoft's Internet Explorer plugin module).

Technical Details:

File System Modifications

The following files were created in the system:

#	Filename(s)	File Size	File Hash	Alias
1	%CommonAppData%\WeCareReminder\aspca.bmp	6,856 bytes	MD5: 0x9B3020D102C80526D832706EE822C8EB SHA-1: 0x78AFF57A4008ED5D45A1D7CD8581294A63D9DE7B	(not available)
2	%CommonAppData%\WeCareReminder\IEHelperv2.5.0.dll	299,008 bytes	MD5: 0x0D9A6F93C5924E7066E3E4E65D2E52ED SHA-1: 0x1AFC7ACB2E590AE84BA9593A6AA7639701984B42	(not available)
3	%CommonAppData%\WeCareReminder\IEHelperv2.5.0PS.dll	8,704 bytes	MD5: 0x66CDDDD95BD9284900FB30CCF7620D1A SHA-1: 0x53A41B8917279E7F4C11312431899154A5345022	(not available)
4	%CommonAppData%\WeCareReminder\MerchantHash.txt	101,503 bytes	MD5: 0x445AB41B8601FF9E3F16549172B3543A SHA-1: 0xE0F041660C0FCBE0358E9F99396B52B62C37FFFF	(not available)
5	%CommonAppData%\WeCareReminder\ReminderHelper.exe	432,128 bytes	MD5: 0xA0E2E9146F53C34221A41C028387BB2A SHA-1: 0xD7EBD226DC5936729B28A08E95D296A396D02598	(not available)
6	%CommonAppData%\WeCareReminder\WCAutoUpdate.exe	369,664 bytes	MD5: 0x37772FD5410F59E3E6A9606949525C2A SHA-1: 0x405255E8209FF71F520B9F1B6F904DEB0AC186A4	(not available)
7	%CommonAppData%\WeCareReminder\wecarereminder@bryan\chrome\wecarereminder.jar	92,560 bytes	MD5: 0xB0AFD1EF2B70EB325C120D1E9B2699DC SHA-1: 0x7E81067A82210AACAFD713E7F6329453FD5ED4FE	(not available)
8	%CommonAppData%\WeCareReminder\wecarereminder@bryan\chrome.manifest	1,661 bytes	MD5: 0xA6A82565234B13C6A6F8DD5FF34C9357 SHA-1: 0x99BF4C0931CFC7427E3895B67829A62C405C5E00	(not available)
9	%CommonAppData%\WeCareReminder\wecarereminder@bryan\components\httpModifyListener.js	20,209 bytes	MD5: 0xB347A66669FDD9A79B6C86464CE676AC SHA-1: 0x7B4E09BB02978AAE7214EE48BAFA0E2C583041C4	(not available)
10	%CommonAppData%\WeCareReminder\wecarereminder@bryan\components\WCR_MerchantHash.idl	497 bytes	MD5: 0x1E8EE5C1674EEC89D8FFF4EC4079B036 SHA-1: 0x2224608E488AD6DF7698493BD530ECD381D96A27	(not available)
11	%CommonAppData%\WeCareReminder\wecarereminder@bryan\components\WCR_MerchantHash.js	3,140 bytes	MD5: 0xE60C31967306A91DC5F58DBBCF6409D6 SHA-1: 0x520ACD24C59ADC1D28A435F104C1752DE98F4900	(not available)
12	%CommonAppData%\WeCareReminder\wecarereminder@bryan\components\WCR_MerchantHash.xpt	375 bytes	MD5: 0x7C7B3B65DBB6628BB9E532490D2FB09E SHA-1: 0x45070AA9AE4DA0D815CCD7D52A12F72DF2E6CADD	(not available)
13	%CommonAppData%\WeCareReminder\wecarereminder@bryan\components\WCVisitedHash.idl	663 bytes	MD5: 0x17757684E3DE55D64A696F5EB24C3CF0 SHA-1: 0x4922E3D57D881E80901FB4559CE5E370D308EC71	(not available)
14	%CommonAppData%\WeCareReminder\wecarereminder@bryan\components\WCVisitedHash.js	7,983 bytes	MD5: 0xEDE7CED055A69FF7386109FF9CBCD2CB SHA-1: 0x62E8F30C1C2D4DB39101FE647012E59E6920B9CC	(not available)
15	%CommonAppData%\WeCareReminder\wecarereminder@bryan\components\WCVisitedHash.xpt	241 bytes	MD5: 0x4BFD325334421F683B7C724D0C9FA63D SHA-1: 0x1F4186843C778222575813EBA9B10468B64138EE	(not available)
16	%CommonAppData%\WeCareReminder\wecarereminder@bryan\defaults\preferences\wecarereminder.js	1,172 bytes	MD5: 0x0628505DC4438F625E8440C2259E43E7 SHA-1: 0xDC0BB48F4CE3D81EF580576BB8616D351EB3420F	(not available)
17	%CommonAppData%\WeCareReminder\wecarereminder@bryan\install.rdf	1,315 bytes	MD5: 0x5DB18223045E03D46A3A9E2A22DDDF99 SHA-1: 0x7FA6078249C1A2E88B473749EBA3F4E03CDD4F50	(not available)
18	%CommonAppData%\WeCareReminder\wecarereminder@bryan\ltvid.xml	82 bytes	MD5: 0x2DA58CF5C08322E4AD8D121A5AA12259 SHA-1: 0x470440F1842FC842CCDE0B50ECF81B305798D8CD	(not available)
19	%CommonAppData%\WeCareReminder\wecarereminder@bryan\MerchHash.txt	69,256 bytes	MD5: 0x4EBDB9DAF2A2347ABB66E879C379FFE9 SHA-1: 0x25A0B263876154FC4A6ECAACD3D7F220CA89D1EB	(not available)
20	%CommonAppData%\WeCareReminder\wecarereminder@bryan\META-INF\manifest.mf	1,821 bytes	MD5: 0x1CF47A81A6D83CB1F30B2AA469CF396F SHA-1: 0x88B31BF19F9491FEF663D0F9A1319FD692C9002D	(not available)
21	%CommonAppData%\WeCareReminder\wecarereminder@bryan\META-INF\zigbert.rsa	1,905 bytes	MD5: 0x67C5E562B37C80F70434E9561C0A9984 SHA-1: 0x12F6E88BC935178B5FBCAF3B4F27B2ED47CAFD6A	(not available)
22	%CommonAppData%\WeCareReminder\wecarereminder@bryan\META-INF\zigbert.sf	1,929 bytes	MD5: 0x9D5BA09B9E9EF9D343A541DC915009F4 SHA-1: 0xAE7FC50FF1A85CCB71258F6D95E839B62DC96164	(not available)
23	%CommonAppData%\WeCareReminder\wecarereminderro.crx	149,657 bytes	MD5: 0x12B5FAC40ACFCC51D216709C2E962F70 SHA-1: 0x88000210B40F09AEDA9C523C213BC968CEE1932F	(not available)
24	%CommonDesktopDir%\Preview Nyan Cat Screensaver.lnk	1,861 bytes	MD5: 0x9CB6BC26A3B42DA5218FB1B4BB1012A9 SHA-1: 0x3C1477D9AB7A7A7119F0CDF8FA79DBFD75E51849	(not available)
25	%CommonPrograms%\Nyan Cat\Preview Nyan Cat Screensaver.lnk	1,873 bytes	MD5: 0xF58C3668971726BDD613B931D0032E23 SHA-1: 0x741993777341026EE315C87F16331C4F37DC36F6	(not available)
26	%CommonPrograms%\Nyan Cat\Uninstall Nyan Cat.lnk	1,733 bytes	MD5: 0xEC39396B2803D25894F9380797B1568B SHA-1: 0xE1B7660A6D23FBF146397F0971C3248B0DAFC1C3	(not available)
27	%DesktopDir%\Install Nyan Cat Screensaver.lnk	981 bytes	MD5: 0x3832DCC8FA5091CF6C48EAC7CAFE0A6D SHA-1: 0x22C87327381D54E6DFEA160C1C96E9F37BDE0024	(not available)
28	%Temp%\ICReinstall\[filename of the sample #1]	463,080 bytes	MD5: 0x2FFAF0E364DF89C09730244014C0FDC3 SHA-1: 0x4D8F18DCCFB160331942D2AD006D68DEF99BECA4	packed with UPX [Kaspersky Lab]
29	%Temp%\is1598539481\105672_Setup.DAT %Temp%\is1598539481\52369_Setup.DAT %MyDocuments%\Nyan_Cat_Screensaver.exe	8,202,841 bytes	MD5: 0x370D99E28D8773E695C2FF115ADF1F9C SHA-1: 0x2103F1A45F7C739D23285E7B0DC398DD91484D4F	(not available)
30	%Temp%\is1598539481\351303159.cfg	218 bytes	MD5: 0xD654521DFC0E20424C1850B88EA7C5A7 SHA-1: 0x39F6D3B000F5A4B3AFFB8B3190F68EEADA126A48	(not available)
31	%Temp%\is1598539481\513800.cfg	218 bytes	MD5: 0x0A44AAD860B29B48F628DDBFC8AE9A49 SHA-1: 0x279519BE6B0A5645EECC67915458540AA73EF2CD	(not available)
32	%Temp%\is1598539481\52381_Setup.CIS	1,733,990 bytes	MD5: 0x4CC2E2DC4B9C7B7C212ABEB6889E7F75 SHA-1: 0x45A60F979F853EB97DA685E7FF23DC7DEECB592A	(not available)
33	%Temp%\is1598539481\ReadOnlyInstaller.msi	4,411,392 bytes	MD5: 0x4905C09876A61D8D2BB787F3F06BB4EE SHA-1: 0xBEF87F37B825A75663ADDC911557575E222C6F2E	(not available)
34	%Temp%\ish211312\css\buttons.css	1,238 bytes	MD5: 0xE10BA3C9C951F5555528C9B291334879 SHA-1: 0xE231BE4624910387AAAE4301D856DAB528F8522C	(not available)
35	%Temp%\ish211312\css\ie6_main.css	475 bytes	MD5: 0xEC8BC9B61645C661B1BD3DCC8F781B30 SHA-1: 0x96D9124BF9D0D0F2E343A372ED3460F9F0C2A7CA	(not available)
36	%Temp%\ish211312\css\main.css	4,562 bytes	MD5: 0x1D7B7D4B58AE79B4C4CADDE36B409242 SHA-1: 0xE3531BB7B293DD813C4B1A5481E71CB40B0E316A	(not available)
37	%Temp%\ish211312\css\progress-bar.css	508 bytes	MD5: 0xE1FCF8B6066AF9A266AE34738ED5C000 SHA-1: 0x4D1079CCDFE311B77177BED54163C7CC73D7D1BE	(not available)
38	%Temp%\ish211312\defaultOffer\ad_html.txt	233 bytes	MD5: 0xE321D82C7629CFB1D714779402DD23DD SHA-1: 0xD8560FE919A0F62DBCA5FAE957654F34E4D2F065	(not available)
39	%Temp%\ish211312\defaultOffer\images\techtracker.jpg	26,693 bytes	MD5: 0x199832D24E8AA5EC99AE079E8BB5B1E7 SHA-1: 0x8DE13A46F38035B0D02E27A0656CC1E584787807	(not available)
40	%Temp%\ish211312\defaultOffer\TechTracker\TechTracker_code.txt	2,966 bytes	MD5: 0xE695AFF87DE58D140142A47F4F4BA207 SHA-1: 0xE09D03AEE8B62B6AB56C7B7A2F1956A8BDA74CD1	(not available)
41	%Temp%\ish211312\defaultOffer\TechTracker\TechTracker_html.txt	1,021 bytes	MD5: 0xD60E47EEE106B761F7D7676CE8E12A2D SHA-1: 0x2A458683BA295C7DB0A6615E8CDB567B79F2C4FD	(not available)
42	%Temp%\ish211312\images\green_btn.png	485 bytes	MD5: 0xB570EA77375823BE8510C0F27768ED62 SHA-1: 0x096ED270C93AD811039738B7FB53E05EAAE7F4BB	(not available)
43	%Temp%\ish211312\images\grey_btn.png	360 bytes	MD5: 0x501821D95E958528FED4747E4190B39F SHA-1: 0x70E3C15D3CE5853A67AA741EC701D3AF307D7BD9	(not available)
44	%Temp%\ish211312\images\loader.gif	7,791 bytes	MD5: 0xEDB71146254D3B8EBAE18607E801398C SHA-1: 0x8775027DA6F6CC19C72D20C7F1615A01112E5D3C	(not available)
45	%Temp%\ish211312\images\main.png	22,145 bytes	MD5: 0x1A2AD75C0AF449D5719473655EF5AF04 SHA-1: 0x82C5BA738B9CD2508EA2D69DA7985D586A4F0DCA	(not available)
46	%Temp%\ish211312\images\offer_box2.png	3,024 bytes	MD5: 0x61F74251810068CB9EDAEAADA3C50D29 SHA-1: 0x3B779B8E723CA1E1E73AC534A2D415A18FB2DB6E	(not available)
47	%Temp%\ish211312\images\pause_btn.png	982 bytes	MD5: 0x14B92CBE22EF5A31A5533D0AB114537E SHA-1: 0xE428F1B0236F7A85FAF045237A7CD29A305D936C	(not available)
48	%Temp%\ish211312\images\prod-icon.png	4,622 bytes	MD5: 0xEF430C7CB8DAD930F9E51941593B2AF2 SHA-1: 0x03CA0848FD18014781B7C1DA5064A761E1F317F8	(not available)
49	%Temp%\ish211312\images\progress_bar.png	456 bytes	MD5: 0x26588A39E960E2F5BA70FC082A8F02AF SHA-1: 0x116B62C07995D60F9BFC492296CC9C5C5A1AD26A	(not available)
50	%Temp%\ish211312\images\resume_btn.png	985 bytes	MD5: 0x05E22E0225F53B69A44B443540C20324 SHA-1: 0xAF5EB7EBF4F053B17D19A678EC84C329E632B2DF	(not available)
51	%Temp%\ish211312\images\secure_dwnl.png	2,862 bytes	MD5: 0x6F2B1F7689B06EEF2D9C4E5E00B9EE2E SHA-1: 0xBDB0B30006AF53427194EA79F0615992CB84A99B	(not available)
52	%Temp%\ish211312\images\welcome_prod_box.png	1,593 bytes	MD5: 0x93791BDB5453514A501AD84985B69824 SHA-1: 0x4FD167C14DDBC76472082C3C5ADB37052C96D6C0	(not available)
53	%Temp%\ish211312\images\zip_icon.png	943 bytes	MD5: 0xA17CADDBEE24EF3FFB3DAA1D12EF3933 SHA-1: 0x728D11A32C5610D0362E9AED32F6F376CAD937DF	(not available)
54	%Temp%\ish211312\locale\EN.locale	2,450 bytes	MD5: 0x5128DACAA4884C07897B2A14E924CE2D SHA-1: 0x383A9A3F9EC01FA528A206802F75518638D79669	(not available)
55	%Temp%\ish211312\mask.bmp.Mask	196 bytes	MD5: 0x6A385B06B6108CD109828A9F5F9FBE4C SHA-1: 0x8003481E740E7E02F32DF1C6866E0809BF59B1A9	(not available)
56	%Temp%\ish211312\sdk\exceptlist.txt	34 bytes	MD5: 0xF01863CCE9F2A2E4DCEF02F285E561AF SHA-1: 0xE2CBA65BE3F487E3760CF8D9247D3F4F73FF8174	(not available)
57	%Temp%\nsf10.tmp\AdvSplash.dll %Temp%\nsm4.tmp\AdvSplash.dll	6,144 bytes	MD5: 0x13CC92F90A299F5B2B2F795D0D2E47DC SHA-1: 0xAA69EAD8520876D232C6ED96021A4825E79F542F	(not available)
58	%Temp%\nsf10.tmp\inetc.dll	0 bytes	MD5: 0xD41D8CD98F00B204E9800998ECF8427E SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709	(not available)
59	%Temp%\nsf10.tmp\OCSetupHlp.dll %Temp%\nsm4.tmp\OCSetupHlp.dll	768,328 bytes	MD5: 0x1FB4A4A1947E77C2F98C34C47018CAE7 SHA-1: 0x0EF4CF91C83A67C075C6FA5CA8E941EBA7951B39	(not available)
60	%Temp%\nsf10.tmp\System.dll %Temp%\nsm4.tmp\System.dll	11,264 bytes	MD5: 0xC17103AE9072A06DA581DEC998343FC1 SHA-1: 0xB72148C6BDFAADA8B8C3F950E610EE7CF1DA1F8D	(not available)
61	%Temp%\nsm4.tmp\BrandingURL.dll	4,096 bytes	MD5: 0x71C46B663BAA92AD941388D082AF97E7 SHA-1: 0x5A9FCCE065366A526D75CC5DED9AADE7CADD6421	(not available)
62	%Temp%\nsm4.tmp\inetc.dll	24,576 bytes	MD5: 0x1EFBBF5A54EB145A1A422046FD8DFB2C SHA-1: 0xEC4EFD0A95BB72FD4CF47423647E33E5A3FDDF26	(not available)
63	%Temp%\nsm4.tmp\modern-header.bmp	25,818 bytes	MD5: 0xD717C961B77315B3D5F9C08F7B30CFA8 SHA-1: 0xB00ED9F90D298F0C54B51498F43C182D252A2E32	(not available)
64	%Temp%\nsm4.tmp\modern-wizard.bmp	154,542 bytes	MD5: 0xF71434A4E6D7A3CAD9B0C93F45F7546D SHA-1: 0x01F7928F6C028AF6A7F2DBB19B9D35FB185A78BB	(not available)
65	%ProgramFiles%\ScreenSaverGift\Nyan Cat\Nyan Cat\Nyan Cat.scr	8,320,080 bytes	MD5: 0xBA12FC9B3DFBCC99B0DD2F3AF6BE05DA SHA-1: 0x799039B0683E0CEDB0D169541479F920ECCE29F5	(not available)
66	%ProgramFiles%\ScreenSaverGift\Nyan Cat\Nyan Cat\screen.ico	136,606 bytes	MD5: 0xF153B664965E12FFC0BB49FBBF8AAD7C SHA-1: 0x506391747EE33B786FC5AF2472740A5C15B75F18	(not available)
67	%ProgramFiles%\ScreenSaverGift\Nyan Cat\Nyan Cat\screensavergift.ico	11,502 bytes	MD5: 0x1559FB3269A39E22C31DE910E9D76F51 SHA-1: 0x9B1D4EC5EC45934B120789C81E254DCDC17F9704	(not available)
68	%ProgramFiles%\ScreenSaverGift\Nyan Cat\Nyan Cat\Uninstall Nyan Cat.exe	219,697 bytes	MD5: 0x70601BF8A643B167CAC221342D714CCA SHA-1: 0xF8F461F24C1E6AE9EF78EAB16790FB61E7AC824A	(not available)
69	%ProgramFiles%\ScreenSaverGift\Nyan Cat\Nyan Cat\uninstall.ico	295,887 bytes	MD5: 0xD4E07F9FF8AAD1A472443F744D8BBEF2 SHA-1: 0x684CBB5A9D0C503F2D642B0B38ACAFE2844B875E	(not available)
70	%Windir%\Installer\1c68b.msi	3,570,176 bytes	MD5: 0xCD7FB6DBFDACB275337171DA55A06C02 SHA-1: 0xB9B104584D020AD5E82CC640EFF5BC97468BC134	(not available)
71	%Windir%\Installer\{1CCF681C-C203-49B3-83F4-A54F0F944416}\icon.ico	894 bytes	MD5: 0xFDED327A04EC0F953F086B045BE1DB21 SHA-1: 0xA3E4D62F6B5B0714C1391EA8165BBDFC36FE8620	(not available)

Notes:

%CommonAppData% is a variable that refers to the file system directory containing application data for all users. A typical path is C:\Documents and Settings\All Users\Application Data.
%CommonDesktopDir% is a variable that refers to the file system directory that contains files and folders that appear on the desktop for all users. A typical path is C:\Documents and Settings\All Users\Desktop (Windows NT/2000/XP).
%CommonPrograms% is a variable that refers to the file system directory that contains the directories for the common program groups that appear on the Start menu for all users. A typical path is C:\Documents and Settings\All Users\Start Menu\Programs (Windows NT/2000/XP).
%DesktopDir% is a variable that refers to the file system directory used to physically store file objects on the desktop. A typical path is C:\Documents and Settings\[UserName]\Desktop.
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
%MyDocuments% is a variable that refers to the file system directory used to physically store a user's common repository of documents. A typical path is C:\Documents and Settings\[UserName]\My Documents.
%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
%Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.

The following directories were created:

%Temp%\ish211312
%Temp%\nsf10.tmp
%System%\rmdir
%System%\tmp
%CommonAppData%\WeCareReminder
%CommonAppData%\WeCareReminder\wecarereminder@bryan
%CommonAppData%\WeCareReminder\wecarereminder@bryan\chrome
%CommonAppData%\WeCareReminder\wecarereminder@bryan\components
%CommonAppData%\WeCareReminder\wecarereminder@bryan\defaults
%CommonAppData%\WeCareReminder\wecarereminder@bryan\defaults\preferences
%CommonAppData%\WeCareReminder\wecarereminder@bryan\META-INF
%CommonPrograms%\Nyan Cat
%Temp%\ICReinstall
%Temp%\is1598539481
%Temp%\ish211312\css
%Temp%\ish211312\defaultOffer
%Temp%\ish211312\defaultOffer\images
%Temp%\ish211312\defaultOffer\TechTracker
%Temp%\ish211312\images
%Temp%\ish211312\locale
%Temp%\ish211312\sdk
%Temp%\nsm4.tmp
%ProgramFiles%\ScreenSaverGift
%ProgramFiles%\ScreenSaverGift\Nyan Cat
%ProgramFiles%\ScreenSaverGift\Nyan Cat\Nyan Cat
%Windir%\Installer\{1CCF681C-C203-49B3-83F4-A54F0F944416}

Notes:

%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

Memory Modifications

There were new processes created in the system:

Process Name	Process Filename	Main Module Size
Nyan_Cat_Screensaver.exe	%MyDocuments%\nyan_cat_screensaver.exe	438,272 bytes
[filename of the sample #1]	[file and pathname of the sample #1]	1,101,824 bytes

The following system service was modified:

Service Name	Display Name	New Status	Service Filename
MSIServer	Windows Installer	"Running"	%System%\msiexec.exe /V

Registry Modifications

The following Registry Keys were created:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\C186FCC1302C3B94384F5AF4F0494461
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C186FCC1302C3B94384F5AF4F0494461
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C186FCC1302C3B94384F5AF4F0494461\SourceList
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C186FCC1302C3B94384F5AF4F0494461\SourceList\Media
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C186FCC1302C3B94384F5AF4F0494461\SourceList\Net
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\BD8F57F8F34D45D40B74EC25EE00D72E
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}\NumMethods
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}\1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}\1.0\0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}\1.0\0\win32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}\1.0\FLAGS
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}\1.0\HELPDIR
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEHelperv250.WeCareReminder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\BD8F57F8F34D45D40B74EC25EE00D72E
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ScreensaverGift
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ScreensaverGift\Nyan Cat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1CCF681C-C203-49B3-83F4-A54F0F944416}
HKEY_LOCAL_MACHINE\SOFTWARE\Google
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon
HKEY_LOCAL_MACHINE\SOFTWARE\Nyan Cat
HKEY_CURRENT_USER\Software\Microsoft\Windows Script
HKEY_CURRENT_USER\Software\Microsoft\Windows Script\Settings
HKEY_CURRENT_USER\Software\wecarereminder

The newly created Registry Values are:

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL]

AppID = "{4FBBF769-ECEB-420A-B536-133B1D505C36}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}]

(Default) = "IEHelperv250"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}\VersionIndependentProgID]

(Default) = "IEHelperv250.WeCareReminder"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}\TypeLib]

(Default) = "{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}\ProgID]

(Default) = "IEHelperv250.WeCareReminder.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}\InprocServer32]

ThreadingModel = "Apartment"
(Default) = "%CommonAppData%\WeCareReminder\IEHelperv2.5.0.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}]

(Default) = "WeCareReminder Class"
AppID = "{4FBBF769-ECEB-420A-B536-133B1D505C36}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}\InProcServer32]

(Default) = "%CommonAppData%\WeCareReminder\IEHelperv2.5.0PS.dll"
ThreadingModel = "Both"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}]

(Default) = "PSFactoryBuffer"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\C186FCC1302C3B94384F5AF4F0494461]

Complete = ""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C186FCC1302C3B94384F5AF4F0494461\SourceList\Net]

1 = "%Temp%\is1598539481\"
2 = "%Temp%\is1598539481\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C186FCC1302C3B94384F5AF4F0494461\SourceList\Media]

1 = ";"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C186FCC1302C3B94384F5AF4F0494461\SourceList]

PackageName = "ReadOnlyInstaller.msi"
LastUsedSource = "n;2;%Temp%\is1598539481\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C186FCC1302C3B94384F5AF4F0494461]

ProductName = "ASPCA Reminder by We-Care.com v5.0.5.1"
PackageCode = "02AFE259CAC27AF409DABDD4CED609A9"
Language = 0x00000409
Version = 0x05000005
Assignment = 0x00000001
AdvertiseFlags = 0x00000184
ProductIcon = "%Windir%\Installer\{1CCF681C-C203-49B3-83F4-A54F0F944416}\icon.ico"
InstanceType = 0x00000000
AuthorizedLUAApp = 0x00000000
Clients = ":"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\BD8F57F8F34D45D40B74EC25EE00D72E]

C186FCC1302C3B94384F5AF4F0494461 = ""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}\TypeLib]

(Default) = "{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}"
Version = "1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}\NumMethods]

(Default) = "7"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}]

(Default) = "IWeCareReminder"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}\1.0\0\win32]

(Default) = "%CommonAppData%\WeCareReminder\IEHelperv2.5.0.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}\1.0\HELPDIR]

(Default) = "%CommonAppData%\WeCareReminder\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}\1.0\FLAGS]

(Default) = "0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}\1.0]

(Default) = "IEHelperv250 1.0 Type Library"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEHelperv250.WeCareReminder]

(Default) = "WeCareReminder Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1\CurVer]

(Default) = "{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1\CLSID]

(Default) = "IEHelperv250.WeCareReminder.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1]

(Default) = "WeCareReminder Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}]

AppName = "ReminderHelper.exe"
AppPath = "C:\ProgramData\WeCareReminder"
Policy = 0x00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}]

(Default) = "WeCareReminder"
NoExplorer = 0x00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

%CommonAppData%\WeCareReminder\ = ""
%CommonAppData%\WeCareReminder\wecarereminder@bryan\ = ""
%CommonAppData%\WeCareReminder\wecarereminder@bryan\defaults\preferences\ = ""
%CommonAppData%\WeCareReminder\wecarereminder@bryan\defaults\ = ""
%CommonAppData%\WeCareReminder\wecarereminder@bryan\components\ = ""
%CommonAppData%\WeCareReminder\wecarereminder@bryan\META-INF\ = ""
%CommonAppData%\WeCareReminder\wecarereminder@bryan\chrome\ = ""
%Windir%\Installer\{1CCF681C-C203-49B3-83F4-A54F0F944416}\ = ""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\BD8F57F8F34D45D40B74EC25EE00D72E]

C186FCC1302C3B94384F5AF4F0494461 = ""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ScreensaverGift\Nyan Cat]

DisplayName = "ScreenSaverGift Nyan Cat"
UninstallString = ""%ProgramFiles%\ScreenSaverGift\Nyan Cat\Nyan Cat\Uninstall Nyan Cat Screensaver.exe""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1CCF681C-C203-49B3-83F4-A54F0F944416}]

AuthorizedCDFPrefix = ""
Comments = ""
Contact = ""
DisplayVersion = "5.0.5.1"
HelpLink = ""
HelpTelephone = ""
InstallDate = "20120202"
InstallLocation = ""
InstallSource = "%Temp%\is1598539481\"
ModifyPath = "MsiExec.exe /X{1CCF681C-C203-49B3-83F4-A54F0F944416}"
NoModify = 0x00000001
Publisher = "We-Care.com"
Readme = ""
Size = ""
EstimatedSize = 0x000005CE
UninstallString = "MsiExec.exe /X{1CCF681C-C203-49B3-83F4-A54F0F944416}"
URLInfoAbout = ""
URLUpdateInfo = ""
VersionMajor = 0x00000005
VersionMinor = 0x00000000
WindowsInstaller = 0x00000001
Version = 0x05000005
Language = 0x00000409
DisplayName = "ASPCA Reminder by We-Care.com v5.0.5.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon]

path = "%CommonAppData%\WeCareReminder\\wecarereminderro.crx"
version = "1.2.0.9"

[HKEY_LOCAL_MACHINE\SOFTWARE\Nyan Cat]

InstallDir = "%ProgramFiles%\ScreenSaverGift\Nyan Cat"
Version = "1.0"

[HKEY_CURRENT_USER\Control Panel\Desktop]

SCRNSAVE.EXE = "C:\PROGRA~1\SCREEN~1\NYANCA~1\NYANCA~1\NYANCA~1.SCR"

[HKEY_CURRENT_USER\Software\Microsoft\Windows Script\Settings]

JITDebug = 0x00000000

[HKEY_CURRENT_USER\Software\wecarereminder]

readonlyreg = "leaveblank"
version = "5.0.5.1"
AutoUpdate = "0"
lastUpd = "20120202"
readonly = "1"
ltvid = "ca2fc016-bce2-542f-0e39-cb004bfebe8b"
PluginType = "AfterDownload Tri Mini"
subdom = "aspca"
InstalledOn = "2/2/2012"
InstallDir = "%CommonAppData%\WeCareReminder\"
cause = "the ASPCA"

The following Registry Values were modified:

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceCurrent]

(Default) =

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceCurrent]

(Default) =

[HKEY_CURRENT_USER\Control Panel\Desktop]

ScreenSaveActive =

Other details

Analysis of the file resources indicate the following possible country of origin:

Russian Federation

There were registered attempts to establish connection with the remote hosts. The connection details are:

Remote Host	Port Number
107.20.139.161	80
107.22.236.69	80
178.236.5.35	80
204.232.180.209	80
207.171.163.162	80
209.18.43.146	80
50.17.255.108	80
64.30.224.89	80
72.21.215.197	80
72.247.38.50	80

The data identified by the following URLs was then requested from the remote web server:

http://os.downloadcdn.com/v2.0.0/?v=2.0&c=1850750762
http://os.downloadcdn.com/Images/DropDownDeals/image.png
http://os.downloadcdn.com/Images/ASPCA/logo.png
http://os.downloadcdn.com/Images/ASPCA/image.png
http://os.downloadcdn.com/Images/_Temp/red-btn.png
http://plugin.we-care.com/UpdatePlugin.php?lastUpd=00000000000000&readonly=1&version=5.0.5.1&id=0&iod=2/2/2012&ltvid=ca2fc016-bce2-542f-0e39-cb004bfebe8b&plugin_type=AfterDownload+Tri+Mini&clicks=::&subdom=aspca&browser=6.0.2900.2180&autoclk=true&yum=
http://plugin.we-care.com/getUpdateZip?version=5.0.5.1&secure_id=&ltvid=ca2fc016-bce2-542f-0e39-cb004bfebe8b
http://cdneu.downloadcdn.com.s3-external-3.amazonaws.com/ofr/WeCareV2.cis
http://api.opencandy.com/?clientv=27&cltzone=-480&language=en,en&method=get_offers&mstime=0.093&os=WIN5.1SP2&product_key=48f6f9ac28f07275b6d84d63b202e060&v=1.0&signature=f8ca8894676aa7a04a69986f3d6bd84e
http://cdnus.downloadcdn.com/ofr/WeCareV2.cis
http://media.opencandy.com/templates/2566/531/25663.png
http://software-files-a.cnet.com/s/software//11/89/50/13/Nyan_Cat_Screensaver.exe?token=1328390859_37a2842ff4fdad90a3230ff72b406c52
http://rp.downloadcdn.com/?pcrc=2139989395
http://rp.downloadcdn.com/?pcrc=329913089
http://api.cnet.com/rest/v1.0/softwareProductLink?productSetId=75448887&partTag=dlm
http://cdneu.downloadcdn.com/ofr/WeCareV2.cis
http://i.i.com.com/cnwk.1d/i/tim/2011/05/06/3927ad58aa920a0e79135367bcdc4a89c45b_1Nyan-Cat_32x28.JPG

Outbound traffic (potentially malicious)

There was an outbound traffic produced on port 80:

00000000 | 3041 3043 7A75 7443 3051 7443 3046 7442 | 0A0CzutC0QtC0FtB
00000010 | 3057 7443 3047 7443 3049 7443 3046 7443 | 0WtC0GtC0ItC0FtC
00000020 | 3054 7443 3051 325A 3046 7443 3052 7443 | 0TtC0Q2Z0FtC0RtC
00000030 | 3046 7443 3048 744E 3050 3143 3049 3044 | 0FtC0HtN0P1C0I0D
00000040 | 7A75 3151 3147 3149 3151 7446 3152 3146 | zu1Q1G1I1QtF1R1F
00000050 | 3148 744E 3055 3049 3044 7A75 7444 7444 | 1HtN0U0I0DzutDtD
00000060 | 7444 3043 7442 7A79 7942 3043 7A79 3044 | tD0CtBzyyB0Czy0D
00000070 | 7942 3043 3044 7443 3041 7945 7444 744E | yB0C0DtC0AyEtDtN
00000080 | 3057 3056 7A75 7944 7446 7443 744E 3057 | 0W0VzuyDtFtCtN0W
00000090 | 3053 3050 7A75 7442 744E 3050 3143 3053 | 0S0PzutBtN0P1C0S
000000A0 | 3259 3153 7A75 744A 3156 3057 3150 3043 | 2Y1SzutJ1V0W1P0C
000000B0 | 3154 3143 3150 744E 3052 3053 7A75 7449 | 1T1C1PtN0R0SzutI
000000C0 | 744E 3054 304B 7A75 7944 7442 7944 7441 | tN0T0KzuyDtByDtA
000000D0 | 7444 744E 3057 3150 3043 3154 3143 3150 | tDtN0W1P0C1T1C1P
000000E0 | 3053 3150 3142 3142 314C 3146 3147 7A75 | 0S1P1B1B1L1F1Gzu
000000F0 | 3152 3154 7442 314F 3152 7444 7443 7943 | 1R1TtB1O1RtDtCyC
00000100 | 7447 3153 3152 3150 7442 7447 7944 7945 | tG1S1R1PtBtGyDyE
00000110 | 7442 314F 7447 7444 3150 7441 7A79 7447 | tB1OtGtD1PtAzytG
00000120 | 3152 3153 7444 7444 7945 3153 314F 3150 | 1R1StDtDyE1S1O1P
00000130 | 3153 3150 7A7A 3153 744E 3049 3052 3056 | 1S1Pzz1StN0I0R0V
00000140 | 3045 3052 7A75 7944 7446 7442 7442 744E | 0E0RzuyDtFtBtBtN
00000150 | 3042 3052 3057 7A75 3049 3045 3058 3050 | 0B0R0Wzu0I0E0X0P
00000160 | 304C 304F 3052 3045 7446 3045 3058 3045 | 0L0O0R0EtF0E0X0E
00000170 | 744E 3048 3154 3142 304C 304D 7A75 7443 | tN0H1T1B0L0MzutC
00000180 | 744E 3052 304E 3154 3148 3150 7A75 3152 | tN0R0N1T1H1Pzu1R
00000190 | 744F 7441 3041 744F 7944 3043 3257 314C | tOtA0AtOyD0C2W1L
000001A0 | 3147 3151 3146 3257 3142 744F 7944 3043 | 1G1Q1F2W1BtOyD0C
000001B0 | 3142 3255 3142 325A 3150 3148 7441 7442 | 1B2U1B2Z1P1HtAtB
000001C0 | 744F 7944 3043 3142 3154 3148 3145 3149 | tOyD0C1B1T1H1E1I
000001D0 | 3150 3156 7443 7446 3150 3256 3150 744E | 1P1VtCtF1P2V1PtN
000001E0 | 304C 3154 3147 314E 7A75 3045 3147 314E | 0L1T1G1Nzu0E1G1N
000001F0 | 3149 314C 3142 314D 744E 3049 3045 3056 | 1I1L1B1MtN0I0E0V
00000200 | 3150 3143 7A75 7943 7446 7444 7446 7442 | 1P1CzuyCtFtDtFtB
00000210 | 7A79 7444 7444 7446 7442 7443 7A7A 7444 | zytDtDtFtBtCzztD
00000220 | 744E 304A 3053 7A75 7443 744E 3142 325A | tN0J0SzutCtN1B2Z
00000230 | 3154 3143 325A 3150 3151 7A75 7443 744E | 1T1C2Z1P1QzutCtN
00000240 | 3142 325A 3154 3148 3145 7A75 7942 7944 | 1B2Z1T1H1EzuyByD
00000250 | 7945 7945 7A7A 7A7A 7A7A 7942 744E 304C | yEyEzzzzzzyBtN0L
00000260 | 304D 3156 3053 3045 3043 7A75 7442 744E | 0M1V0S0E0CzutBtN
00000270 | 3154 3145 314C 304C 3146 3154 3151 3054 | 1T1E1L0L1F1T1Q0T
00000280 | 314C 3148 3150 7A75 7442 7943 7943 744E | 1L1H1PzutByCyCtN
00000290 | 3154 3145 314C 3050 3143 3146 3151 3044 | 1T1E1L0P1C1F1Q0D
000002A0 | 3154 325A 3150 7A75 7442 7444 7443 7443 | 1T2Z1PzutBtDtCtC
000002B0 | 7447 7444 7944 7447 7444 7943 744E 3154 | tGtDyDtGtDyCtN1T
000002C0 | 3145 314C 3050 3143 3146 3151 3053 314C | 1E1L0P1C1F1Q0S1L
000002D0 | 3254 3150 7A75 7A7A 7442 7444 7442 7A7A | 2T1PzuzztBtDtBzz
000002E0 | 7945 7443 744E 3145 3154 314E 3150 3048 | yEtCtN1E1T1N1P0H
000002F0 | 314C 3142 325A 3146 3143 3255 7A75 3149 | 1L1B2Z1F1C2Uzu1I
00000300 | 3146 3154 3151 314C 3147 314E 3050 3154 | 1F1T1Q1L1G1N0P1T
00000310 | 314E 3150 7448 7943 7442 7944 744F 7441 | 1N1PtHyCtByDtOtA
00000320 | 3042 3257 3150 3149 3152 3146 3148 3150 | 0B2W1P1I1R1F1H1P
00000330 | 3050 3154 314E 3150 7448 7945 7444 7943 | 0P1T1N1PtHyEtDyC
00000340 | 744F 7441 3042 3146 314F 314F 3150 3143 | tOtA0B1F1O1O1P1C
00000350 | 3050 3154 314E 3150 7448 7A79 7A7A 7944 | 0P1T1N1PtHzyzzyD

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.