ThreatExpert Report

Submission Summary:

Submission details:

Submission received: 17 May 2011, 17:02:29
Processing time: 16 min 1 sec
Submitted sample:

File MD5: 0xA16A99C76A966AC4576137FA6BB02BDE
File SHA-1: 0x019BD6DEB00A8E2947DD741443A105AAA7AE8452
Filesize: 2,010,888 bytes

Summary of the findings:

What's been found	Severity Level
Produces outbound traffic.
Downloads/requests other files from Internet.
Registers a 32-bit in-process server DLL.
Registers a Browser Helper Object (Microsoft's Internet Explorer plugin module).

Technical Details:

The new window was created, as shown below:

NOTICE: The content shown in the above window is captured automatically and is not controlled or endorsed by ThreatExpert.
Please contact us on this link should any material be offensive or inappropriate and we will ensure any such content is blocked from future viewers of the report.

File System Modifications

The following files were created in the system:

#	Filename(s)	File Size	File Hash
1	%CommonAppData%\{F01C14AE-F9C0-49DB-A28C-4C24EE6762FE}\iLividSetupV1.dat	223 bytes	MD5: 0x023351605F1440324F2B9C41BB091EA6 SHA-1: 0xBBB14C8633E38C53A65C267C728CA0E6F36AAA61
2	%CommonAppData%\{F01C14AE-F9C0-49DB-A28C-4C24EE6762FE}\iLividSetupV1.exe	3,005,036 bytes	MD5: 0xBF1193F912EE55464DB50FC63AE6FF2F SHA-1: 0x360E1A116E90D559A49640ACED11400ED1EB6BB7
3	%CommonAppData%\{F01C14AE-F9C0-49DB-A28C-4C24EE6762FE}\iLividSetupV1.lnk %Temp%\mia1\destination.dfm.miaf %Temp%\mia1\unwelcome.dfm.miaf	0 bytes	MD5: 0xD41D8CD98F00B204E9800998ECF8427E SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709
4	%CommonAppData%\{F01C14AE-F9C0-49DB-A28C-4C24EE6762FE}\iLividSetupV1.msi %Temp%\mia1\ilividsetupv1.msi	265,728 bytes	MD5: 0x5027A2E777C8D349F6B14080A4D68EFA SHA-1: 0x882B0339D80E83698196AF0967E60D5DB32A879B
5	%CommonAppData%\{F01C14AE-F9C0-49DB-A28C-4C24EE6762FE}\iLividSetupV1.par	1,517 bytes	MD5: 0x8C9B68969A3E297ACB6D486F770157E5 SHA-1: 0xF6978795DF59BB5CBAC1FCB4EB2B1F6F21246819
6	%CommonAppData%\{F01C14AE-F9C0-49DB-A28C-4C24EE6762FE}\iLividSetupV1.res	2,168,951 bytes	MD5: 0x09FB3A3919C4D8CFCC1F88501498A70C SHA-1: 0xFD47AA512B00C05A2A55AB4D090B08B00DF74397
7	%CommonAppData%\{F01C14AE-F9C0-49DB-A28C-4C24EE6762FE}\instance.dat	88 bytes	MD5: 0xBBAABBF2F1E776649FFFA4A677012086 SHA-1: 0xD56AE94BFF48BBAF12A20E0684EFEDF97CB8CA30
8	%CommonAppData%\{F01C14AE-F9C0-49DB-A28C-4C24EE6762FE}\mia.lib	579,753 bytes	MD5: 0x6A9B4E9C5DC1B4E40AF2185667C32BF9 SHA-1: 0xAB6B99E1464517D8E49DA04194F85E0DE5961F0F
9	%CommonDesktopDir%\Get free emoticons and winks!.url	132 bytes	MD5: 0x7E2F6218B2E3CFE0687F548AACF2DC41 SHA-1: 0x5C5D7CA0217B2B1279002EA0FA51DD92DE3B2990
10	%CommonDesktopDir%\iLivid Download Manager.lnk	702 bytes	MD5: 0xD352CAE3764B66E258C2E67BF68DC691 SHA-1: 0x2BCD5A824F82D5190BF091C8230890C71DB6075D
11	%CommonPrograms%\iLivid\iLivid Download Manager.lnk	714 bytes	MD5: 0x016150F808662DE5E909858889B558E9 SHA-1: 0xBB35A36E6265E4DD1F86B0DE289D7955DEE324D9
12	%AppData%\searchqutoolbar\coupons\categories.xml	26,318 bytes	MD5: 0x889D3D6C2BF6B1B45BFBA63A10779DB9 SHA-1: 0x8A0F1DA50F51BC7D32B3F5AD12B32F1148FAA42C
13	%AppData%\searchqutoolbar\coupons\merchants.xml	364,191 bytes	MD5: 0xC4D42CB3CCC5C493E34425585F2CDB3E SHA-1: 0xB02B8F210D1944736AD69C5F97028FC408FE7868
14	%AppData%\searchqutoolbar\coupons\merchants2.xml	168,802 bytes	MD5: 0x14F3AA063B39907394AB72C01CFC78C6 SHA-1: 0x8B1F8D59995F5CCDCA8901A5134D6FBFCDDE56EE
15	%AppData%\searchqutoolbar\dtx.ini	15 bytes	MD5: 0x182A64556E21AD5239EA4898F3D365B6 SHA-1: 0xB25DA62156703874C802DACFB22AEE0A2A6B93C5
16	%AppData%\searchqutoolbar\guid.dat	38 bytes	MD5: 0x004920ECFE3B18B468C272EA59E40BAC SHA-1: 0xF6AF607DEDA81D5B9AC77A35184AB062BD5EBAFB
17	%AppData%\searchqutoolbar\log.txt	62,612 bytes	MD5: 0x87B0792414AC11BEBFEF9CCA22124E77 SHA-1: 0x6EF9BAD0AA8FAFD13EEFB9C21DAAD2A2E42E361D
18	%AppData%\searchqutoolbar\preferences.dat	87 bytes	MD5: 0x260A5852B267B464C5B3ED6C4AF88DBC SHA-1: 0x8136197560F23C7EBB25922B8ED57B2017446F31
19	%AppData%\searchqutoolbar\stat.log	732 bytes	MD5: 0xD5E8A27F08DCBE9ED01095FB3474E0C5 SHA-1: 0x4F48B7F934FC0E02E12634A5857486E51E4A7046
20	%AppData%\searchqutoolbar\stats.dat	404 bytes	MD5: 0x3B27BD019071EC1EA33E5D89D89AE322 SHA-1: 0x0E62F20082EB6D318F456E656D1566994A1868BC
21	%AppData%\searchqutoolbar\uninstallIE.dat	233 bytes	MD5: 0x23F3D0061B667C448C3E289EFEEA047A SHA-1: 0xC9963F04E0624FDA0BCA28135C6CD2C9577D11B8
22	%AppData%\searchqutoolbar\uninstallStatIE.dat	311 bytes	MD5: 0x901ACBB3996AE3C3F8087ED82F5C098A SHA-1: 0xFBEB20D5208F1666528D913E188641B86CAB4DCA
23	%AppData%\searchqutoolbar\version.xml	138 bytes	MD5: 0xAC9FEBF9536150C33277EA7CA806C8C4 SHA-1: 0x9C5C8CE1FFFF118721EBCC1A2D62FA997A0236AC
24	%AppData%\searchqutoolbar\weather\859b43127c60abbfdf4a06ab642c84ec	5,430 bytes	MD5: 0xCA24CE7ADEB9B2D9F8625B1F4E00E6A1 SHA-1: 0xA83EBEC41E1E1F9423C6C620665781040ED59CC3
25	%AppData%\searchqutoolbar\weather\fdaed771402fe55fa6d25536920a52b0	10,625 bytes	MD5: 0x24BFE3265D68F429139B8CCB28952370 SHA-1: 0x6D8B726C6DFF55B8A3F7051092B8A65563047292
26	%AppData%\searchqutoolbar\weather\forecasts_cache.xml	74 bytes	MD5: 0x6CC81DD51BB733538293A7258BDF6879 SHA-1: 0x11445B9308C938C479728E4655767F7FC101B514
27	%AppData%\searchqutoolbar\weather\observations_cache.xml	74 bytes	MD5: 0x6987C63CCFEC173CA3CCD7187F17466C SHA-1: 0xA3C3AE1796DD0DC736BF58E912A9F9E91993D971
28	%AppData%\searchqutoolbar\weatherbutton_prefs.xml	356 bytes	MD5: 0xAADB73531E94D0D7335B1453DF677B23 SHA-1: 0xE0D074B280C10907C69F9A3BA567C8B41902F48F
29	%AppData%\vlc\ef9c9ad8cc5857eb63cb3660bc8bd202-i686.cache-2	466,848 bytes	MD5: 0x9D3465B383DAFC0CCFDDDB662EBD554E SHA-1: 0xE42D578B0B1B320426B20299D81FF25B12572094
30	%AppData%\vlc\vlc-qt-interface.ini	25 bytes	MD5: 0xA4ED475C12D8B1669F110CEB8E347493 SHA-1: 0x73B884431E85800FF5032C51D7BCE4078DAB2689
31	%AppData%\Ilivid Player\script.qscript	14,057 bytes	MD5: 0x2762ACD36EF2A2F5EFE0380E69D7F2BB SHA-1: 0x52DCB6AD255375D824C83CBB48AAE17147D51AA8
32	%Temp%\dlls.7z	8,925,650 bytes	MD5: 0x82728F47721C899AEACE3B6204199C36 SHA-1: 0x2A6E135EE5E14E8A3201380A582627E844A65922
33	%Temp%\ilivid.7z	725,651 bytes	MD5: 0x0CF032A65C5F5F60A709C45A560E778B SHA-1: 0x57D241AB5A34A56C0F718A3CB2817807C9FC6918
34	%Temp%\installhelper.dll %Temp%\mia1\InstallHelper.dll	1,339,904 bytes	MD5: 0xDE18FFD66CC3A019383129939042A477 SHA-1: 0x9AE5806E992D884E709EC7710EF52429845E0DB9
35	%Temp%\mia1\destination.dfm	15,989 bytes	MD5: 0x5CB646FC6179D59EBDEB7F67912664C8 SHA-1: 0x3272C21A2733FA53066AE6758B85A2669AF1CFBD
36	%Temp%\mia1\finish.dfm	16,047 bytes	MD5: 0x8A6E6EC127DE1A4DC4CAFC8C0F7F9895 SHA-1: 0xDB8C1E2D14B058DB1DAA2D9F421D6073D808E386
37	%Temp%\mia1\finish.dfm.miaf %Temp%\mia1\progress.dfm.miaf %Temp%\mia1\unfinish.dfm.miaf %Temp%\mia1\unprogress.dfm.miaf	70 bytes	MD5: 0x58F9CEE2A23ACD0F2A6DF937353CD012 SHA-1: 0xA37A9AE4885FBF232ED9BF5E3C1C19F31ACA1EB9
38	%Temp%\mia1\icon.ico	9,662 bytes	MD5: 0x65875FBD5732E431DA3068B36251952A SHA-1: 0x92D73F0EE178EC92F7DC10045A9D18B4A3E11CDA
39	%Temp%\mia1\license.txt	18,433 bytes	MD5: 0xADC52E4DF9473983D7C1BBE0F67B2891 SHA-1: 0x70CD5B1954D485C1C5819329C42C2F83F3ADD182
40	%Temp%\mia1\mDownExec.dll	508,416 bytes	MD5: 0xB7F0D95E4E97D518496FD9D90A4E0786 SHA-1: 0xAEB2936B447AC4E81639B51792BA53D42D24842E
41	%Temp%\mia1\mEXEFunc.dll	101,888 bytes	MD5: 0xF184BE47FF281B17D8AC5C702F4CA896 SHA-1: 0x10176DC5F11BA3B46380E49036381E86998B2D8B
42	%Temp%\mia1\progress.dfm	15,579 bytes	MD5: 0xB8AE31A7FD1A1660B4EA1E46BD862422 SHA-1: 0x77CECDC50DB1B3C2F236AB0A662878E9DD8560FB
43	%Temp%\mia1\Smiley.ico %Temp%\Smiley.ico	76,407 bytes	MD5: 0x4E26705310FFC933398361B4E843E14E SHA-1: 0x7DEFF56040CB71C37F0C090679B816C7ADA56A1D
44	%Temp%\mia1\unfinish.dfm	15,796 bytes	MD5: 0xCF296159B2365D878F043EB55C166168 SHA-1: 0x4E44CE213B04844B1E39C65CE58988EF6E63B4D0
45	%Temp%\mia1\unprogress.dfm	15,586 bytes	MD5: 0xA2930BD661653F69B0A2C0DC82C38EAD SHA-1: 0x59D88DB33A192FABD2C32A480D4D71F1981A2A98
46	%Temp%\mia1\unwelcome.dfm	15,664 bytes	MD5: 0x4EC2BF85FEC2AE05D6F0EA4263C8C4F6 SHA-1: 0xAD3D61A77B8571F025E1272462B5A6AFF7E9A2B4
47	%Temp%\mia1\welcome.dfm	18,154 bytes	MD5: 0x2B9A703FB664B27DC4580A6160158FE1 SHA-1: 0xBA02F256119B9BD92E7CF93850BF71FA365E0C75
48	%Temp%\mia1\welcome.dfm.miaf	626 bytes	MD5: 0xF23176BB8F82C435728EAE53FA92CB2E SHA-1: 0x133C95FD12F5103EE1E447C46BD41E59DDFF56E5
49	%Temp%\nsp15.tmp\UAC.dll %Temp%\nsx7.tmp\UAC.dll	16,896 bytes	MD5: 0x0D422E0C03A7D9428C6C02175D7DC9F8 SHA-1: 0x5E13D49521CFBBE52CD74DE8E1682789F0268969
50	%Temp%\searchqu.ini	411 bytes	MD5: 0x045DBE2A71E104376F24C075DA86FE7A SHA-1: 0xCD61C199D2B1A98807E161BA911CB1DC93BC634E
51	%Temp%\searchqutoolbar-manifest.xml %ProgramFiles%\Windows iLivid Toolbar\ToolBar\manifest.xml	9,422 bytes	MD5: 0xAA709C3696701CC2792A44116E7D83A1 SHA-1: 0xEF7D1D20479456246CABA3EF5ED22A424588357D
52	%Temp%\SetupDataMngr_Searchqu.exe	2,596,544 bytes	MD5: 0x52C355E4323A707A1FA1FFAEBD9D4DDD SHA-1: 0x6D6DFED1A9A20FF57FB86B834767D1B01B4DBF85
53	%MyDocuments%\My Videos\Desktop.ini	185 bytes	MD5: 0x2CD673C0578D592F86E1A89807F6933C SHA-1: 0x86C8A6342BA38EB70058148F5E00FECFA7EA41BF
54	%MyDocuments%\My Videos\sample.mpg	9,318,400 bytes	MD5: 0xAC74DD15633005534E7225C3DB69AF04 SHA-1: 0x133586106535B214516F9A86256BB1AAC9479525
55	%MyDocuments%\My Videos\sample.part1.rar	2,560,000 bytes	MD5: 0x2DEF35349CCA4E191D83D81E8ABBA73D SHA-1: 0x4FEFEB0AA444D3D6B2C410E6240A475EDBBF0F4F
56	%MyDocuments%\My Videos\sample.part2.rar	2,560,000 bytes	MD5: 0xB572C669A7C0A4131EBDE22869E93F45 SHA-1: 0x8092187BD90B408B514DF3FEC807959000835087
57	%MyDocuments%\My Videos\sample.part3.rar	2,560,000 bytes	MD5: 0x0F1A84D297EB2DF1D2B324C86B6880DF SHA-1: 0xFA5C3A56010148BD6CC45858E57EE22C46ABC768
58	%MyDocuments%\My Videos\sample.part4.rar	1,638,748 bytes	MD5: 0xE85077A0B6EE0313673F4E40F3819361 SHA-1: 0x22C6DEF569917AFFEA405CB646CC34DC310CED7F
59	%ProgramFiles%\iLivid\ilivid.exe	1,789,440 bytes	MD5: 0xAC40C69102F9DADB6F3CA841985B6A2E SHA-1: 0xF9D5CDEE2747A99E910DCB7017369A2E02735B08
60	%ProgramFiles%\iLivid\ilivid.ico	9,662 bytes	MD5: 0xD64C36521A1839B54788D7D0A82DAF08 SHA-1: 0x7E7E87C6AEC2EE1AE0579875B14B172AD1BDDD75
61	%ProgramFiles%\iLivid\imageformats\qgif4.dll	78,848 bytes	MD5: 0xB642EC06A27FC6FA3213093CE961D1DF SHA-1: 0x7EFAB5F635F4D9E00203DCE2488DF3CFC5C6379F
62	%ProgramFiles%\iLivid\imageformats\qjpeg4.dll	193,536 bytes	MD5: 0x38E92A0DBC45C9298D58583518ED545E SHA-1: 0x362D53C3B5A23E15383E041077CD1F99D512ABB1
63	%ProgramFiles%\iLivid\libeay32.dll	1,077,248 bytes	MD5: 0x876C1A020F1EF1B92166C48DC2B36BE9 SHA-1: 0x3DC85ACFA633AA608B49AF568926A367C72EFFC4
64	%ProgramFiles%\iLivid\libgcc_s_dw2-1.dll	43,008 bytes	MD5: 0xC4B4409F186DA70FCF2BCC60D5F05489 SHA-1: 0x056663C9FD2851CD64F39D882F6758E7A987BD42
65	%ProgramFiles%\iLivid\mingwm10.dll	11,362 bytes	MD5: 0xDBDA60D92E774B4ACB3B1CD71F909426 SHA-1: 0x66BFE06A16025F574323A0CE64DCC7C8216EB56C
66	%ProgramFiles%\iLivid\phonon4.dll	306,176 bytes	MD5: 0xB34ED4B641DF62BDF3824C8D10E1B00E SHA-1: 0x7245BAA7AD0B5949887F525FDAF4ABF2D0FB1040
67	%ProgramFiles%\iLivid\QtCore4.dll	2,417,664 bytes	MD5: 0x0E759F6CEB913573989F98CB803748AD SHA-1: 0x920E100EC1B4279FD93078534A22E8888F23A9CF
68	%ProgramFiles%\iLivid\QtGui4.dll	9,565,184 bytes	MD5: 0xDB8001F40263792DEC9F92E7704C7BA0 SHA-1: 0x3B954107C95819286879972D91F46EE56F870325
69	%ProgramFiles%\iLivid\QtNetwork4.dll	1,148,416 bytes	MD5: 0x8CF69338715127F9C1FFFD8F622C0686 SHA-1: 0x7B9BD00D0E369FAC33178FE0EB0D19619EF4EE29
70	%ProgramFiles%\iLivid\QtScript4.dll	1,851,392 bytes	MD5: 0x67224FA49F565CCC5AFA91973D05A542 SHA-1: 0x400C65C05E4D12477AED8C6868DFF55BD2EFD3B2
71	%ProgramFiles%\iLivid\QtSvg4.dll	366,592 bytes	MD5: 0xAEFF4D1C4642BCDD32E4C2C2FDA46E4A SHA-1: 0x6DD4585F8116A7780C47C88DA400EB1E6468DC02
72	%ProgramFiles%\iLivid\QtWebKit4.dll	0 bytes	MD5: 0xD41D8CD98F00B204E9800998ECF8427E SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709
73	%ProgramFiles%\iLivid\QtXmlPatterns4.dll	3,962,368 bytes	MD5: 0x84B2F96CD04391A5C233FCA6B023994B SHA-1: 0xE87A954CD6C1E8E9C233E2BD925D358829F06971
74	%ProgramFiles%\iLivid\script.qscript %ProgramFiles%\iLivid\script1.81.qscript	13,374 bytes	MD5: 0x39AB747E5C33AB1A793E061D322A61A5 SHA-1: 0xBE95E4F82FE0C42033ECD2961F1D9092D1D5BFCB
75	%ProgramFiles%\iLivid\ssleay32.dll	200,704 bytes	MD5: 0x66608624CE80FE749212290705605E76 SHA-1: 0x6E2453E597805B54BCC7693A07CBE9978B576E78
76	%ProgramFiles%\iLivid\VLC\activex\axvlc.dll	308,224 bytes	MD5: 0xA9298060FBACA8CD42298BE4EFDA3DE5 SHA-1: 0x705506511A38359C2DA4A0739A248DC04AEB124A
77	%ProgramFiles%\iLivid\VLC\activex\axvlc.dll.manifest	296 bytes	MD5: 0x34092D69B5E01D1C7170BF48AE71388E SHA-1: 0xE564DDB31F242E221B4C6C3E0334C4831F52DDAA
78	%ProgramFiles%\iLivid\VLC\activex\README.TXT	10,625 bytes	MD5: 0x4BBC30E1C70D6EF53BD0F173DCA67EEB SHA-1: 0xB4EB32DB9A55AB60BE5294B11477117354E3AA39
79	%ProgramFiles%\iLivid\VLC\activex\test.html	18,159 bytes	MD5: 0xAE0F79F9616C82E819E93345864F3E9B SHA-1: 0xB5469F743F46A129F87C7F334F24EFAA73622D14
80	%ProgramFiles%\iLivid\VLC\AUTHORS.txt	9,011 bytes	MD5: 0x8181E64A3055FEEB1E669C67089FF3CD SHA-1: 0xD26DEC4A0616846D134B2F559E57A9ED36C2E17B
81	%ProgramFiles%\iLivid\VLC\COPYING.txt	18,437 bytes	MD5: 0x5110FA752179BA7EE78701610FEA8873 SHA-1: 0x421D39930B9DF3F4515313716F51DB07013087C8
82	%ProgramFiles%\iLivid\VLC\http\.hosts %ProgramFiles%\iLivid\VLC\lua\http\.hosts	313 bytes	MD5: 0xDBF2E7E7596278CB074168DEFB4544AE SHA-1: 0xCA16EC2F9F51C675B186E7F35680C984E56C3344
83	%ProgramFiles%\iLivid\VLC\http\dialogs\.hosts %ProgramFiles%\iLivid\VLC\lua\http\dialogs\.hosts	124 bytes	MD5: 0x2717E3FE7F97935AB641753E5CE90820 SHA-1: 0x148F3ECCC7C3B278DE50C650AAC4C1A4AEA9A2C0
84	%ProgramFiles%\iLivid\VLC\http\dialogs\browse	1,963 bytes	MD5: 0xB0C0A774D1064455B25BB14CF4BCAE38 SHA-1: 0x72975A61C620A2721AAB473C1FE8155F609ACDAC
85	%ProgramFiles%\iLivid\VLC\http\dialogs\footer	1,627 bytes	MD5: 0xD1711CBC5D5304CB736A5107D7B230EB SHA-1: 0x338E3496CB20C04535BF6396B52B7643C8AF299B
86	%ProgramFiles%\iLivid\VLC\http\dialogs\input	9,670 bytes	MD5: 0xA905413E860C421DBAE8375A1087CD8F SHA-1: 0x31BF2AEF57AF27E6648B88AEB47D489D42A192C9
87	%ProgramFiles%\iLivid\VLC\http\dialogs\main	6,265 bytes	MD5: 0x0172FBB57EE16E2390CF722C861D4C24 SHA-1: 0xC5B140D2376704FD04584723D849E4EA3C5F9934
88	%ProgramFiles%\iLivid\VLC\http\dialogs\mosaic	6,261 bytes	MD5: 0x8F254F847C8CF1403421BAEBC4E6B93B SHA-1: 0xC95F833C2C968053BD148736FB390722F43EBCF0
89	%ProgramFiles%\iLivid\VLC\http\dialogs\playlist	5,784 bytes	MD5: 0x16EBF651E602E26F8573C429642B4DCC SHA-1: 0x3E49AD4DF7C9806659BC2AF89485E8E17B259F4F
90	%ProgramFiles%\iLivid\VLC\http\dialogs\sout	12,535 bytes	MD5: 0x65CB7305ED11D74940114ACD76D8464A SHA-1: 0xFCFBF8CC4BC0C08F6E4AC796ECCC536479ACF24C
91	%ProgramFiles%\iLivid\VLC\http\dialogs\vlm	9,775 bytes	MD5: 0x56F9AAEA9FCFB585007F876EFE23DF03 SHA-1: 0x73284625B01ADBD2C47654B547EC53781E1B9A73
92	%ProgramFiles%\iLivid\VLC\http\favicon.ico %ProgramFiles%\iLivid\VLC\lua\http\favicon.ico	86,358 bytes	MD5: 0x6F7E92FE7E6A62661AC2B41528A78FC6 SHA-1: 0x2353AFB5C229987DF63696FB48BDF840AA208791
93	%ProgramFiles%\iLivid\VLC\http\flash.html	2,317 bytes	MD5: 0xE2B446251287E4E2CE5AA2BCEAB350EC SHA-1: 0x0D692AC88024D0505F3F73C3EFF28F8253473E23
94	%ProgramFiles%\iLivid\VLC\http\iehacks.css %ProgramFiles%\iLivid\VLC\lua\http\iehacks.css	1,377 bytes	MD5: 0xB77CEE75D0D75B3440EF8B691A619732 SHA-1: 0x1FCE30B072F05B138FC61ED8E50F5BBD753F8EA1
95	%ProgramFiles%\iLivid\VLC\http\images\delete.png %ProgramFiles%\iLivid\VLC\lua\http\images\delete.png	198 bytes	MD5: 0x5D171EF52392FD40789BA575DC45C6F2 SHA-1: 0x3D65AE9BC2720EAFC09F9D95FA3D1A1363463EA6
96	%ProgramFiles%\iLivid\VLC\http\images\delete_small.png %ProgramFiles%\iLivid\VLC\lua\http\images\delete_small.png	165 bytes	MD5: 0x76DCACE19BDF5222AB8F2A2B34F31E9E SHA-1: 0xBBB813C069D44E4FF4B50EDE2860D1CD7B5610D8
97	%ProgramFiles%\iLivid\VLC\http\images\eject.png %ProgramFiles%\iLivid\VLC\lua\http\images\eject.png	155 bytes	MD5: 0x175B9A5EB0BC06D1A835C6EF93DFAEB4 SHA-1: 0x6B5011D5F58056649B1BB178B09C45D2CA6DFB10
98	%ProgramFiles%\iLivid\VLC\http\images\empty.png %ProgramFiles%\iLivid\VLC\lua\http\images\empty.png	178 bytes	MD5: 0xE81B175C4D074F24B7D19C4A27180682 SHA-1: 0xB17FFDF422103827A9382FF36B380F222907619D
99	%ProgramFiles%\iLivid\VLC\http\images\fullscreen.png %ProgramFiles%\iLivid\VLC\lua\http\images\fullscreen.png	194 bytes	MD5: 0x04DD6069A3E982F5ADC3FC7A57EE47CB SHA-1: 0x84F0516FB561E19E88C658A49E7DC1F5E147205B
100	%ProgramFiles%\iLivid\VLC\http\images\help.png %ProgramFiles%\iLivid\VLC\lua\http\images\help.png	203 bytes	MD5: 0x59757C5621896103A5EAFFB59D3A6B4C SHA-1: 0xD1F21CFDBA1E0D38608455499EF3CB92852984E8

Notes:

%CommonAppData% is a variable that refers to the file system directory containing application data for all users. A typical path is C:\Documents and Settings\All Users\Application Data.
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
%CommonDesktopDir% is a variable that refers to the file system directory that contains files and folders that appear on the desktop for all users. A typical path is C:\Documents and Settings\All Users\Desktop (Windows NT/2000/XP).
%CommonPrograms% is a variable that refers to the file system directory that contains the directories for the common program groups that appear on the Start menu for all users. A typical path is C:\Documents and Settings\All Users\Start Menu\Programs (Windows NT/2000/XP).
%AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
%MyDocuments% is a variable that refers to the file system directory used to physically store a user's common repository of documents. A typical path is C:\Documents and Settings\[UserName]\My Documents.

The following directories were created:

%CommonAppData%\{F01C14AE-F9C0-49DB-A28C-4C24EE6762FE}
%CommonPrograms%\iLivid
%AppData%\searchquband
%AppData%\searchqutoolbar
%AppData%\searchqutoolbar\coupons
%AppData%\searchqutoolbar\weather
%AppData%\vlc
%AppData%\Ilivid Player
%AppData%\PackageAware
%Temp%\mia1
%Temp%\nsp15.tmp
%Temp%\nsx7.tmp
%MyDocuments%\My Videos
%ProgramFiles%\iLivid
%ProgramFiles%\iLivid\imageformats
%ProgramFiles%\iLivid\VLC
%ProgramFiles%\iLivid\VLC\activex
%ProgramFiles%\iLivid\VLC\http
%ProgramFiles%\iLivid\VLC\http\dialogs
%ProgramFiles%\iLivid\VLC\http\images
%ProgramFiles%\iLivid\VLC\http\js
%ProgramFiles%\iLivid\VLC\http\requests
%ProgramFiles%\iLivid\VLC\languages
%ProgramFiles%\iLivid\VLC\locale
%ProgramFiles%\iLivid\VLC\locale\af
%ProgramFiles%\iLivid\VLC\locale\af\LC_MESSAGES
%ProgramFiles%\iLivid\VLC\locale\ar
%ProgramFiles%\iLivid\VLC\locale\ar\LC_MESSAGES
%ProgramFiles%\iLivid\VLC\locale\be
%ProgramFiles%\iLivid\VLC\locale\be\LC_MESSAGES
%ProgramFiles%\iLivid\VLC\locale\bg
%ProgramFiles%\iLivid\VLC\locale\bg\LC_MESSAGES
%ProgramFiles%\iLivid\VLC\locale\bn
%ProgramFiles%\iLivid\VLC\locale\bn\LC_MESSAGES
%ProgramFiles%\iLivid\VLC\locale\ca
%ProgramFiles%\iLivid\VLC\locale\ca\LC_MESSAGES
%ProgramFiles%\iLivid\VLC\locale\ckb
%ProgramFiles%\iLivid\VLC\locale\ckb\LC_MESSAGES
%ProgramFiles%\iLivid\VLC\locale\co
%ProgramFiles%\iLivid\VLC\locale\co\LC_MESSAGES
%ProgramFiles%\iLivid\VLC\locale\cs
%ProgramFiles%\iLivid\VLC\locale\cs\LC_MESSAGES
%ProgramFiles%\iLivid\VLC\locale\da
%ProgramFiles%\iLivid\VLC\locale\da\LC_MESSAGES
%ProgramFiles%\iLivid\VLC\locale\de
%ProgramFiles%\iLivid\VLC\locale\de\LC_MESSAGES
%ProgramFiles%\iLivid\VLC\locale\el
%ProgramFiles%\iLivid\VLC\locale\el\LC_MESSAGES
%ProgramFiles%\iLivid\VLC\locale\en_GB
%ProgramFiles%\iLivid\VLC\locale\en_GB\LC_MESSAGES
%ProgramFiles%\iLivid\VLC\locale\es
%ProgramFiles%\iLivid\VLC\locale\es\LC_MESSAGES
%ProgramFiles%\iLivid\VLC\locale\et
%ProgramFiles%\iLivid\VLC\locale\et\LC_MESSAGES
%ProgramFiles%\iLivid\VLC\locale\eu
%ProgramFiles%\iLivid\VLC\locale\eu\LC_MESSAGES
%ProgramFiles%\iLivid\VLC\locale\fa
%ProgramFiles%\iLivid\VLC\locale\fa\LC_MESSAGES
%ProgramFiles%\iLivid\VLC\locale\fi
%ProgramFiles%\iLivid\VLC\locale\fi\LC_MESSAGES
%ProgramFiles%\iLivid\VLC\locale\fr
%ProgramFiles%\iLivid\VLC\locale\fr\LC_MESSAGES
%ProgramFiles%\iLivid\VLC\locale\fur
%ProgramFiles%\iLivid\VLC\locale\fur\LC_MESSAGES
%ProgramFiles%\iLivid\VLC\locale\gl
%ProgramFiles%\iLivid\VLC\locale\gl\LC_MESSAGES
%ProgramFiles%\iLivid\VLC\locale\he
%ProgramFiles%\iLivid\VLC\locale\he\LC_MESSAGES
%ProgramFiles%\iLivid\VLC\locale\hi
%ProgramFiles%\iLivid\VLC\locale\hi\LC_MESSAGES
%ProgramFiles%\iLivid\VLC\locale\hr
%ProgramFiles%\iLivid\VLC\locale\hr\LC_MESSAGES
%ProgramFiles%\iLivid\VLC\locale\hu
%ProgramFiles%\iLivid\VLC\locale\hu\LC_MESSAGES
%ProgramFiles%\iLivid\VLC\locale\id
%ProgramFiles%\iLivid\VLC\locale\id\LC_MESSAGES
%ProgramFiles%\iLivid\VLC\locale\it
%ProgramFiles%\iLivid\VLC\locale\it\LC_MESSAGES
%ProgramFiles%\iLivid\VLC\locale\ja
%ProgramFiles%\iLivid\VLC\locale\ja\LC_MESSAGES
%ProgramFiles%\iLivid\VLC\locale\ka
%ProgramFiles%\iLivid\VLC\locale\ka\LC_MESSAGES
%ProgramFiles%\iLivid\VLC\locale\kk
%ProgramFiles%\iLivid\VLC\locale\kk\LC_MESSAGES
%ProgramFiles%\iLivid\VLC\locale\km
%ProgramFiles%\iLivid\VLC\locale\km\LC_MESSAGES
%ProgramFiles%\iLivid\VLC\locale\ko
%ProgramFiles%\iLivid\VLC\locale\ko\LC_MESSAGES
%ProgramFiles%\iLivid\VLC\locale\lt
%ProgramFiles%\iLivid\VLC\locale\lt\LC_MESSAGES
%ProgramFiles%\iLivid\VLC\locale\lv
%ProgramFiles%\iLivid\VLC\locale\lv\LC_MESSAGES
%ProgramFiles%\iLivid\VLC\locale\mk
%ProgramFiles%\iLivid\VLC\locale\mk\LC_MESSAGES
%ProgramFiles%\iLivid\VLC\locale\ml
%ProgramFiles%\iLivid\VLC\locale\ml\LC_MESSAGES
%ProgramFiles%\iLivid\VLC\locale\mn
%ProgramFiles%\iLivid\VLC\locale\mn\LC_MESSAGES
%ProgramFiles%\iLivid\VLC\locale\ms
%ProgramFiles%\iLivid\VLC\locale\ms\LC_MESSAGES

Memory Modifications

There was a new process created in the system:

Process Name	Process Filename	Main Module Size
[filename of the sample #1]	[file and pathname of the sample #1]	258,048 bytes

Registry Modifications

The following Registry Keys were created:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\2B1E51D87B2D71A44BB42DDD5E894160
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160\SourceList
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160\SourceList\Media
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160\SourceList\Net
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\5E0C8759C69912A4485AD49572CE7CA3
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0\0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0\0\win32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0\FLAGS
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0\HELPDIR
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ilivid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ilivid\shell
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ilivid\shell\open
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ilivid\shell\open\command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079a25-328f-4bd4-be04-00955acaa0a7}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BDF3BBCF-FB0A-478C-ABA7-BB061F4D88C9}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E54B372A-DD4A-433A-8314-3621D864712A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E0C8759C69912A4485AD49572CE7CA3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}
HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr
HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\Files
HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\Files\Homepage
HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\Files\SelectedSearch
HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\Files\UrlbarSearch
HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\IEBHO
HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\List
HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\List\Item1
HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\List\Item1\Protected1
HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\List\Item1\Protected2
HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\List\Item1\Protected3
HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\List\Item2
HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\List\Item3
HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\Toolbar
HKEY_LOCAL_MACHINE\SOFTWARE\ilivid
HKEY_LOCAL_MACHINE\SOFTWARE\ilivid\general
HKEY_LOCAL_MACHINE\SOFTWARE\ilivid\player
HKEY_LOCAL_MACHINE\SOFTWARE\ilivid\player\hosts
HKEY_LOCAL_MACHINE\SOFTWARE\ilivid\player\hosts\ilivid.com
HKEY_LOCAL_MACHINE\SOFTWARE\MimarSinan
HKEY_LOCAL_MACHINE\SOFTWARE\MimarSinan\InstallAware
HKEY_LOCAL_MACHINE\SOFTWARE\MimarSinan\InstallAware\Ident.Cache
HKEY_LOCAL_MACHINE\SOFTWARE\MimarSinan\InstallAware\Ident.Cache\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}
HKEY_LOCAL_MACHINE\SOFTWARE\SearchquMediabarTb
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Zoom
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\DataMngr
HKEY_CURRENT_USER\Software\DataMngr\Files
HKEY_CURRENT_USER\Software\DataMngr\Files\Homepage
HKEY_CURRENT_USER\Software\DataMngr\Files\SelectedSearch
HKEY_CURRENT_USER\Software\DataMngr\Files\UrlbarSearch
HKEY_CURRENT_USER\Software\DataMngr\IEBHO
HKEY_CURRENT_USER\Software\DataMngr\List
HKEY_CURRENT_USER\Software\DataMngr\List\Item1
HKEY_CURRENT_USER\Software\DataMngr\List\Item1\Protected1
HKEY_CURRENT_USER\Software\DataMngr\List\Item1\Protected2
HKEY_CURRENT_USER\Software\DataMngr\List\Item1\Protected3
HKEY_CURRENT_USER\Software\DataMngr\List\Item2
HKEY_CURRENT_USER\Software\DataMngr\List\Item3
HKEY_CURRENT_USER\Software\DataMngr\Toolbar
HKEY_CURRENT_USER\Software\ilivid
HKEY_CURRENT_USER\Software\ilivid\general
HKEY_CURRENT_USER\Software\ilivid\player
HKEY_CURRENT_USER\Software\ilivid\player\hosts
HKEY_CURRENT_USER\Software\ilivid\player\hosts\ilivid.com
HKEY_CURRENT_USER\Software\searchqutoolbar
HKEY_CURRENT_USER\Software\Trolltech
HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults
HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6
HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:
HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:
HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files
HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\%ProgramFiles%\iLivid
HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\%ProgramFiles%\iLivid\imageformats
HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.6.false
HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.6.false\C:

The newly created Registry Values are:

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\InprocServer32]

(Default) = "C:\PROGRA~1\WINDOW~4\ToolBar\searchqudtx.dll"
ThreadingModel = "Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}]

(Default) = "Searchqu Toolbar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\VersionIndependentProgID]

(Default) = "SearchQUIEHelper.UrlHelper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ProgID]

(Default) = "SearchQUIEHelper.UrlHelper.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\InprocServer32]

(Default) = "C:\PROGRA~1\WINDOW~4\Datamngr\IEBHO.dll"
ThreadingModel = "Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}]

(Default) = "UrlHelper Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\2B1E51D87B2D71A44BB42DDD5E894160]

FEATURE_ID = ""
FWR602 = ""
FWR603 = ""
FWR604 = ""
FWR605 = ""
FWR606 = ""
FWR607 = ""
FWR608 = ""
FWR609 = ""
FWR610 = ""
FWR611 = ""
FWR613 = ""
FWR614 = ""
FWR615 = ""
FWR616 = ""
FWR617 = ""
FWR618 = ""
FWR619 = ""
FWR620 = ""
FWR621 = ""
FWR622 = ""
FWR624 = ""
FWR625 = ""
FWR626 = ""
FWR627 = ""
FWR628 = ""
FWR629 = ""
FCS630 = ""
FCS631 = ""
FCF643 = ""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160\SourceList\Net]

1 = "%Temp%\mia1.tmp\data\"
2 = "%Temp%\mia1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160\SourceList\Media]

MediaPackage = "\DOCUME~1\%UserName%\LOCALS~1\Temp\mia1.tmp\"
1 = ";"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160\SourceList]

PackageName = "iLividSetupV1.msi"
LastUsedSource = "n;1;%Temp%\mia1.tmp\data\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160]

ProductName = "iLivid"
PackageCode = "EA41C10F0C9FBD942AC8C442EE7626EF"
Language = 0x00000409
Version = 0x01500000
Assignment = 0x00000001
AdvertiseFlags = 0x00000184
InstanceType = 0x00000000
AuthorizedLUAApp = 0x00000000
Clients = ":"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\5E0C8759C69912A4485AD49572CE7CA3]

2B1E51D87B2D71A44BB42DDD5E894160 = ""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}\TypeLib]

(Default) = "{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}"
Version = "1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}]

(Default) = "IDNSGuard"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0\0\win32]

(Default) = "C:\PROGRA~1\WINDOW~4\Datamngr\IEBHO.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0\HELPDIR]

(Default) = "C:\PROGRA~1\WINDOW~4\Datamngr"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0\FLAGS]

(Default) = "0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0]

(Default) = "SearchQUIEBHO 1.0 Type Library"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ilivid\shell\open\command]

(Default) = ""%ProgramFiles%\iLivid\ilivid.exe" "%1""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ilivid\shell]

(Default) = "open"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ilivid]

URL Protocol = ""
(Default) = "URL:ilivid Player"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard\CurVer]

(Default) = "SearchQUIEHelper.UrlHelper.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard\CLSID]

(Default) = "{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard]

(Default) = "UrlHelper Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1\CLSID]

(Default) = "{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1]

(Default) = "UrlHelper Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]

FrameAuto = 0x00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

10 = "10"
{99079a25-328f-4bd4-be04-00955acaa0a7} = "Searchqu Toolbar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E54B372A-DD4A-433A-8314-3621D864712A}]

Policy = 0x00000003
AppPath = "C:\PROGRA~1\WINDOW~4\ToolBar"
AppName = "dtUser.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BDF3BBCF-FB0A-478C-ABA7-BB061F4D88C9}]

Policy = 0x00000003
AppPath = "C:\PROGRA~1\WINDOW~4\ToolBar"
AppName = "dtUser.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079a25-328f-4bd4-be04-00955acaa0a7}]

AppName = "uninstall.exe"
AppPath = "C:\PROGRA~1\WINDOW~4\ToolBar"
Policy = 0x00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}]

(Default) = "Searchqu Toolbar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

%CommonPrograms%\iLivid\ = "1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E0C8759C69912A4485AD49572CE7CA3]

2B1E51D87B2D71A44BB42DDD5E894160 = ""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

DATAMNGR = "C:\PROGRA~1\WINDOW~4\Datamngr\DATAMN~1.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]

NoModify = 0x00000001
NoRepair = 0x00000001
DisplayIcon = "%CommonAppData%\{F01C14AE-F9C0-49DB-A28C-4C24EE6762FE}\iLividSetupV1.exe"
DisplayName = "iLivid"
UninstallString = ""%CommonAppData%\{F01C14AE-F9C0-49DB-A28C-4C24EE6762FE}\iLividSetupV1.exe" REMOVE=TRUE MODIFY=FALSE"
ModifyPath = "%CommonAppData%\{F01C14AE-F9C0-49DB-A28C-4C24EE6762FE}\iLividSetupV1.exe"
Publisher = "Bandoo Media Inc."
Contact = "Bandoo Media Inc."
HelpLink = "http://www.ilivid.com/"
URLUpdateInfo = "http://www.ilivid.com/"
DisplayVersion = "1.80.0.106117"

Other details

Analysis of the file resources indicate the following possible country of origin:

Netherlands

There were registered attempts to establish connection with the remote hosts. The connection details are:

Remote Host	Port Number
174.120.252.45	80
184.73.232.5	80
199.7.52.190	80
204.0.5.42	80
204.0.5.43	80
204.0.5.58	80
207.232.22.25	80
207.232.22.52	80
207.232.22.60	80
216.137.43.175	80

The data identified by the following URLs was then requested from the remote web server:

http://clkads.com/visicom/sl1.html?tid=IMTB1
http://clkads.com/adServe/coupons?cid=IMTB1
http://clkads.com/adServe/findAd?num=2&keyword=&tid=IMTB1&type=js&ts=t&ar=t
http://searchqutoolbar.imesh.dtxreport.applicationstat.com/post_streams/postdata.php
http://crl.thawte.com/ThawtePremiumServerCA.crl
http://crl.thawte.com/ThawtePCA.crl
http://cs-g2-crl.thawte.com/ThawteCSG2.crl
http://img.weather.weatherbug.com/forecast/icons/localized/20x17/en/trans/cond026.png
http://img.weather.weatherbug.com/forecast/icons/localized/20x17/en/trans/cond003.png
http://download.cdn.ilivid.com/cdn/1/SetupDataMngr_Searchqu.exe
http://download.cdn.ilivid.com/cdn/1/dlls.7z
http://download.cdn.ilivid.com/cdn/1/ilivid.7z
http://download.cdn.ilivid.com/cdn/1/vlc.7z
http://download.cdn.ilivid.com/sample.part1.rar
http://download.cdn.ilivid.com/sample.part2.rar
http://download.cdn.ilivid.com/sample.part3.rar
http://download.cdn.ilivid.com/sample.part4.rar
http://downloads.ilivid.com/sample.part1.rar
http://downloads.ilivid.com/sample.part2.rar
http://downloads.ilivid.com/sample.part3.rar
http://downloads.ilivid.com/sample.part4.rar
http://dm.mlstat.com/statistics/dm/install.php
http://bar.searchqu.com/bar/vtlb/updateW/version.xml?nocache=1305677120161
http://cdn.clkads.com/script/json.js
http://cdn.clkads.com/script/cpbs.js
http://cdn.clkads.com/script/utils_1.0.1.js
http://cdn.clkads.com/script/tb_1.0.7.js
http://cdn.clkads.com/script/effects_1.0.6.js
http://download.vmn.net/dtx_coupons/merchants.xml
http://geoip.vmn.net/index.php?v=2&tb=searchqutoolbar
http://searchqutoolbar.imesh.wizard.applicationstat.com/postdata.php
http://coupons.mystart.com/api/get_all_categories/?format=xml
http://search.vmn.net/newtab/geoip.php
http://www.google-analytics.com/ga.js
http://banners.ilivid.com/brand/ilivid/latest_version.htm
http://banners.ilivid.com/brand/ilivid/v2.0/ilivid_walkthrough.htm
http://banners.ilivid.com/brand/ilivid/v2.0/buffering.htm?version=1.80&PA=false&host=ilivid.com
http://banners.ilivid.com/brand/ilivid/v2.0/welcome.jpg
http://banners.ilivid.com/brand/ilivid/v2.0/playback.htm?version=1.80&PA=false&host=ilivid.com
http://banners.ilivid.com/brand/ilivid/v2.0/complete.htm?version=1.80&PA=false&host=ilivid.com
http://www.ilivid.com/102/thank_you.htm?systemid=406&appid=102&type=New
http://program.ilivid.com/program/script1.81.qscript
http://banners.ilivid.com/brand/ilivid/v2.0/welcome.htm
http://ad.xtendmedia.com/pixel?id=1267820&t=1
http://ad.yieldmanager.com/pixel?id=1267820&t=1

Outbound traffic (potentially malicious)

There was an outbound traffic produced on port 80:

00000000 | 7573 6572 4669 6C65 3D25 3542 2532 3231 | userFile=%5B%221
00000010 | 2E30 2532 3225 3243 2535 4225 3542 2532 | .0%22%2C%5B%5B%2
00000020 | 3273 6561 7263 6871 7574 6F6F 6C62 6172 | 2searchqutoolbar
00000030 | 2532 3225 3243 2532 3234 2E31 2E30 2E30 | %22%2C%224.1.0.0
00000040 | 3125 3232 2532 4325 3232 3944 4539 3336 | 1%22%2C%229DE936
00000050 | 3443 3745 3436 3442 4544 4235 4243 4546 | 4C7E464BEDB5BCEF
00000060 | 3845 3736 3939 3039 3833 2532 3225 3243 | 8E76990983%22%2C
00000070 | 2532 3232 3031 3130 3531 3725 3232 2532 | %2220110517%22%2
00000080 | 4325 3232 4D6F 7A69 6C6C 6125 3246 342E | C%22Mozilla%2F4.
00000090 | 3025 3230 2863 6F6D 7061 7469 626C 6525 | 0%20(compatible%
000000A0 | 3342 2532 304D 5349 4525 3230 362E 3025 | 3B%20MSIE%206.0%
000000B0 | 3342 2532 3057 696E 646F 7773 2532 304E | 3B%20Windows%20N
000000C0 | 5425 3230 352E 3125 3342 2532 3053 5631 | T%205.1%3B%20SV1
000000D0 | 2533 4225 3230 2E4E 4554 2532 3043 4C52 | %3B%20.NET%20CLR
000000E0 | 2532 3032 2E30 2E35 3037 3237 2925 3232 | %202.0.50727)%22
000000F0 | 2532 4325 3232 656E 2532 3225 3243 2532 | %2C%22en%22%2C%2
00000100 | 3234 2E31 2E30 2E30 3125 3232 2535 4425 | 24.1.0.01%22%5D%
00000110 | 3243 2535 4225 3542 3025 3243 2532 3225 | 2C%5B%5B0%2C%22%
00000120 | 3232 2532 4325 3232 2532 3225 3544 2535 | 22%2C%22%22%5D%5
00000130 | 4425 3544 2535 44                       | D%5D%5D
00000000 | 2533 6325 3366 786D 6C25 3230 7665 7273 | %3c%3fxml%20vers
00000010 | 696F 6E25 3364 2532 3231 2E30 2532 3225 | ion%3d%221.0%22%
00000020 | 3230 656E 636F 6469 6E67 2533 6425 3232 | 20encoding%3d%22
00000030 | 5554 462D 3825 3232 2533 6625 3365 2533 | UTF-8%22%3f%3e%3
00000040 | 6344 6174 6125 3365 2533 6356 6572 2533 | cData%3e%3cVer%3
00000050 | 6532 2E35 2E30 2E31 3033 3236 3825 3363 | e2.5.0.103268%3c
00000060 | 2F56 6572 2533 6525 3363 4F6C 6456 6572 | /Ver%3e%3cOldVer
00000070 | 2533 6532 2E35 2E30 2E31 3033 3236 3825 | %3e2.5.0.103268%
00000080 | 3363 2F4F 6C64 5665 7225 3365 2533 6354 | 3c/OldVer%3e%3cT
00000090 | 7970 6525 3365 5570 6772 6164 6525 3363 | ype%3eUpgrade%3c
000000A0 | 2F54 7970 6525 3365 2533 6349 6E73 744C | /Type%3e%3cInstL
000000B0 | 616E 6725 3365 656E 2533 632F 496E 7374 | ang%3een%3c/Inst
000000C0 | 4C61 6E67 2533 6525 3363 4870 2533 6525 | Lang%3e%3cHp%3e%
000000D0 | 3363 2125 3562 4344 4154 4125 3562 2535 | 3c!%5bCDATA%5b%5
000000E0 | 6425 3564 2533 6525 3363 2F48 7025 3365 | d%5d%3e%3c/Hp%3e
000000F0 | 2533 6344 6566 6175 6C74 5365 6172 6368 | %3cDefaultSearch
00000100 | 2533 6525 3363 2125 3562 4344 4154 4125 | %3e%3c!%5bCDATA%
00000110 | 3562 2535 6425 3564 2533 6525 3363 2F44 | 5b%5d%5d%3e%3c/D
00000120 | 6566 6175 6C74 5365 6172 6368 2533 6525 | efaultSearch%3e%
00000130 | 3363 4272 6F77 7365 7225 3365 2533 6321 | 3cBrowser%3e%3c!
00000140 | 2535 6243 4441 5441 2535 6225 3564 2535 | %5bCDATA%5b%5d%5
00000150 | 6425 3365 2533 632F 4272 6F77 7365 7225 | d%3e%3c/Browser%
00000160 | 3365 2533 634F 7325 3365 352E 3125 3363 | 3e%3cOs%3e5.1%3c
00000170 | 2F4F 7325 3365 2533 6341 7070 4964 2533 | /Os%3e%3cAppId%3
00000180 | 6530 2533 632F 4170 7049 6425 3365 2533 | e0%3c/AppId%3e%3
00000190 | 6353 7973 7465 6D49 6425 3365 3430 3625 | cSystemId%3e406%
000001A0 | 3363 2F53 7973 7465 6D49 6425 3365 2533 | 3c/SystemId%3e%3
000001B0 | 6349 7336 3425 3365 3025 3363 2F49 7336 | cIs64%3e0%3c/Is6
000001C0 | 3425 3365 2533 6353 6574 4945 2533 6559 | 4%3e%3cSetIE%3eY
000001D0 | 6573 2533 632F 5365 7449 4525 3365 2533 | es%3c/SetIE%3e%3
000001E0 | 6353 6574 4646 2533 654E 6F25 3363 2F53 | cSetFF%3eNo%3c/S
000001F0 | 6574 4646 2533 6525 3363 5365 744F 7065 | etFF%3e%3cSetOpe
00000200 | 7261 2533 654E 6F25 3363 2F53 6574 4F70 | ra%3eNo%3c/SetOp
00000210 | 6572 6125 3365 2533 6353 6574 4368 726F | era%3e%3cSetChro
00000220 | 6D65 2533 654E 6F25 3363 2F53 6574 4368 | me%3eNo%3c/SetCh
00000230 | 726F 6D65 2533 6525 3363 5365 7442 484F | rome%3e%3cSetBHO
00000240 | 2533 6559 6573 2533 632F 5365 7442 484F | %3eYes%3c/SetBHO
00000250 | 2533 6525 3363 5365 7444 4D25 3365 5965 | %3e%3cSetDM%3eYe
00000260 | 7325 3363 2F53 6574 444D 2533 6525 3363 | s%3c/SetDM%3e%3c
00000270 | 5573 6572 5442 2533 6559 6573 2533 632F | UserTB%3eYes%3c/
00000280 | 5573 6572 5442 2533 6525 3363 5573 6572 | UserTB%3e%3cUser
00000290 | 5365 6172 6368 2533 6559 6573 2533 632F | Search%3eYes%3c/
000002A0 | 5573 6572 5365 6172 6368 2533 6525 3363 | UserSearch%3e%3c
000002B0 | 496E 7374 4F70 7469 6F6E 2533 6554 7970 | InstOption%3eTyp
000002C0 | 6963 616C 2533 632F 496E 7374 4F70 7469 | ical%3c/InstOpti
000002D0 | 6F6E 2533 6525 3363 436C 6965 6E74 5665 | on%3e%3cClientVe
000002E0 | 7225 3365 312E 3830 2E30 2E31 3036 3131 | r%3e1.80.0.10611
000002F0 | 3725 3363 2F43 6C69 656E 7456 6572 2533 | 7%3c/ClientVer%3
00000300 | 6525 3363 436C 6965 6E74 5479 7065 2533 | e%3cClientType%3
00000310 | 6555 7067 7261 6465 2533 632F 436C 6965 | eUpgrade%3c/Clie
00000320 | 6E74 5479 7065 2533 6525 3363 2F44 6174 | ntType%3e%3c/Dat
00000330 | 6125 3365 2533 6325 3366 786D 6C25 3230 | a%3e%3c%3fxml%20
00000340 | 7665 7273 696F 6E25 3364 2532 3231 2E30 | version%3d%221.0
00000350 | 2532 3225 3230 656E 636F 6469 6E67 2533 | %22%20encoding%3
00000360 | 6425 3232 5554 462D 3825 3232 2533 6625 | d%22UTF-8%22%3f%
00000370 | 3365 2533 6344 6174 6125 3365 2533 6356 | 3e%3cData%3e%3cV
00000380 | 6572 2533 6532 2E35 2E30 2E31 3033 3236 | er%3e2.5.0.10326
00000390 | 3825 3363 2F56 6572 2533 6525 3363 4F6C | 8%3c/Ver%3e%3cOl
000003A0 | 6456 6572 2533 6532 2E35 2E30 2E31 3033 | dVer%3e2.5.0.103
000003B0 | 3236 3825 3363 2F4F 6C64 5665 7225 3365 | 268%3c/OldVer%3e
000003C0 | 2533 6354 7970 6525 3365 5570 6772 6164 | %3cType%3eUpgrad
000003D0 | 6525 3363 2F54 7970 6525 3365 2533 6349 | e%3c/Type%3e%3cI
000003E0 | 6E73 744C 616E 6725 3365 656E 2533 632F | nstLang%3een%3c/
000003F0 | 496E 7374 4C61 6E67 2533 6525 3363 4870 | InstLang%3e%3cHp
00000400 | 2533 6525 3363 2125 3562 4344 4154 4125 | %3e%3c!%5bCDATA%
00000410 | 3562 2535 6425 3564 2533 6525 3363 2F48 | 5b%5d%5d%3e%3c/H
00000420 | 7025 3365 2533 6344 6566 6175 6C74 5365 | p%3e%3cDefaultSe
00000430 | 6172 6368 2533 6525 3363 2125 3562 4344 | arch%3e%3c!%5bCD
00000440 | 4154 4125 3562 2535 6425 3564 2533 6525 | ATA%5b%5d%5d%3e%
00000450 | 3363 2F44 6566 6175 6C74 5365 6172 6368 | 3c/DefaultSearch
00000460 | 2533 6525 3363 4272 6F77 7365 7225 3365 | %3e%3cBrowser%3e
00000470 | 2533 6321 2535 6243 4441 5441 2535 6225 | %3c!%5bCDATA%5b%
00000480 | 3564 2535 6425 3365 2533 632F 4272 6F77 | 5d%5d%3e%3c/Brow
00000490 | 7365 7225 3365 2533 634F 7325 3365 352E | ser%3e%3cOs%3e5.
000004A0 | 3125 3363 2F4F 7325 3365 2533 6341 7070 | 1%3c/Os%3e%3cApp
000004B0 | 4964 2533 6531 3032 2533 632F 4170 7049 | Id%3e102%3c/AppI
000004C0 | 6425 3365 2533 6353 7973 7465 6D49 6425 | d%3e%3cSystemId%
000004D0 | 3365 3430 3625 3363 2F53 7973 7465 6D49 | 3e406%3c/SystemI
000004E0 | 6425 3365 2533 6349 7336 3425 3365 3025 | d%3e%3cIs64%3e0%
000004F0 | 3363 2F49 7336 3425 3365 2533 6353 6574 | 3c/Is64%3e%3cSet
00000500 | 4945 2533 6559 6573 2533 632F 5365 7449 | IE%3eYes%3c/SetI
00000510 | 4525 3365 2533 6353 6574 4646 2533 654E | E%3e%3cSetFF%3eN
00000520 | 6F25 3363 2F53 6574 4646 2533 6525 3363 | o%3c/SetFF%3e%3c
00000530 | 5365 744F 7065 7261 2533 654E 6F25 3363 | SetOpera%3eNo%3c
00000540 | 2F53 6574 4F70 6572 6125 3365 2533 6353 | /SetOpera%3e%3cS
00000550 | 6574 4368 726F 6D65 2533 654E 6F25 3363 | etChrome%3eNo%3c
00000560 | 2F53 6574 4368 726F 6D65 2533 6525 3363 | /SetChrome%3e%3c
00000570 | 5365 7442 484F 2533 6559 6573 2533 632F | SetBHO%3eYes%3c/
00000580 | 5365 7442 484F 2533 6525 3363 5365 7444 | SetBHO%3e%3cSetD
00000590 | 4D25 3365 5965 7325 3363 2F53 6574 444D | M%3eYes%3c/SetDM
000005A0 | 2533 6525 3363 5573 6572 5442 2533 6559 | %3e%3cUserTB%3eY
000005B0 | 6573 2533 632F 5573 6572 5442 2533 6525 | es%3c/UserTB%3e%
000005C0 | 3363 5573 6572 5365 6172 6368 2533 6559 | 3cUserSearch%3eY
000005D0 | 6573 2533 632F 5573 6572 5365 6172 6368 | es%3c/UserSearch
000005E0 | 2533 6525 3363 496E 7374 4F70 7469 6F6E | %3e%3cInstOption
000005F0 | 2533 6554 7970 6963 616C 2533 632F 496E | %3eTypical%3c/In
00000600 | 7374 4F70 7469 6F6E 2533 6525 3363 436C | stOption%3e%3cCl
00000610 | 6965 6E74 5665 7225 3365 312E 3830 2E30 | ientVer%3e1.80.0
00000620 | 2E31 3036 3131 3725 3363 2F43 6C69 656E | .106117%3c/Clien
00000630 | 7456 6572 2533 6525 3363 436C 6965 6E74 | tVer%3e%3cClient
00000640 | 5479 7065 2533 654E 6577 2533 632F 436C | Type%3eNew%3c/Cl
00000650 | 6965 6E74 5479 7065 2533 6525 3363 2F44 | ientType%3e%3c/D
00000660 | 6174 6125 3365 2533 6325 3366 786D 6C25 | ata%3e%3c%3fxml%
00000670 | 3230 7665 7273 696F 6E25 3364 2532 3231 | 20version%3d%221
00000680 | 2E30 2532 3225 3230 656E 636F 6469 6E67 | .0%22%20encoding
00000690 | 2533 6425 3232 5554 462D 3825 3232 2533 | %3d%22UTF-8%22%3
000006A0 | 6625 3365 2533 6344 6174 6125 3365 2533 | f%3e%3cData%3e%3
000006B0 | 6356 6572 2533 6532 2E35 2E30 2E31 3033 | cVer%3e2.5.0.103
000006C0 | 3236 3825 3363 2F56 6572 2533 6525 3363 | 268%3c/Ver%3e%3c
000006D0 | 4F6C 6456 6572 2533 6525 3363 2F4F 6C64 | OldVer%3e%3c/Old
000006E0 | 5665 7225 3365 2533 6354 7970 6525 3365 | Ver%3e%3cType%3e
000006F0 | 4E65 7725 3363 2F54 7970 6525 3365 2533 | New%3c/Type%3e%3
00000700 | 6349 6E73 744C 616E 6725 3365 656E 2533 | cInstLang%3een%3
00000710 | 632F 496E 7374 4C61 6E67 2533 6525 3363 | c/InstLang%3e%3c
00000720 | 4870 2533 6525 3363 2125 3562 4344 4154 | Hp%3e%3c!%5bCDAT
00000730 | 4125 3562 2535 6425 3564 2533 6525 3363 | A%5b%5d%5d%3e%3c
00000740 | 2F48 7025 3365 2533 6344 6566 6175 6C74 | /Hp%3e%3cDefault
00000750 | 5365 6172 6368 2533 6525 3363 2125 3562 | Search%3e%3c!%5b
00000760 | 4344 4154 4125 3562 2535 6425 3564 2533 | CDATA%5b%5d%5d%3
00000770 | 6525 3363 2F44 6566 6175 6C74 5365 6172 | e%3c/DefaultSear
00000780 | 6368 2533 6525 3363 4272 6F77 7365 7225 | ch%3e%3cBrowser%
00000790 | 3365 2533 6321 2535 6243 4441 5441 2535 | 3e%3c!%5bCDATA%5
000007A0 | 6225 3564 2535 6425 3365 2533 632F 4272 | b%5d%5d%3e%3c/Br
000007B0 | 6F77 7365 7225 3365 2533 634F 7325 3365 | owser%3e%3cOs%3e
000007C0 | 352E 3125 3363 2F4F 7325 3365 2533 6341 | 5.1%3c/Os%3e%3cA
000007D0 | 7070 4964 2533 6531 3032 2533 632F 4170 | ppId%3e102%3c/Ap
000007E0 | 7049 6425 3365 2533 6353 7973 7465 6D49 | pId%3e%3cSystemI
000007F0 | 6425 3365 3430 3625 3363 2F53 7973 7465 | d%3e406%3c/Syste
00000800 | 6D49 6425 3365 2533 6349 7336 3425 3365 | mId%3e%3cIs64%3e
00000810 | 3025 3363 2F49 7336 3425 3365 2533 6353 | 0%3c/Is64%3e%3cS
00000820 | 6574 4945 2533 6559 6573 2533 632F 5365 | etIE%3eYes%3c/Se
00000830 | 7449 4525 3365 2533 6353 6574 4646 2533 | tIE%3e%3cSetFF%3
00000840 | 654E 6F25 3363 2F53 6574 4646 2533 6525 | eNo%3c/SetFF%3e%
00000850 | 3363 5365 744F 7065 7261 2533 654E 6F25 | 3cSetOpera%3eNo%
00000860 | 3363 2F53 6574 4F70 6572 6125 3365 2533 | 3c/SetOpera%3e%3
00000870 | 6353 6574 4368 726F 6D65 2533 654E 6F25 | cSetChrome%3eNo%
00000880 | 3363 2F53 6574 4368 726F 6D65 2533 6525 | 3c/SetChrome%3e%
00000890 | 3363 5365 7442 484F 2533 6559 6573 2533 | 3cSetBHO%3eYes%3
000008A0 | 632F 5365 7442 484F 2533 6525 3363 5365 | c/SetBHO%3e%3cSe
000008B0 | 7444 4D25 3365 5965 7325 3363 2F53 6574 | tDM%3eYes%3c/Set
000008C0 | 444D 2533 6525 3363 5573 6572 5442 2533 | DM%3e%3cUserTB%3
000008D0 | 6559 6573 2533 632F 5573 6572 5442 2533 | eYes%3c/UserTB%3
000008E0 | 6525 3363 5573 6572 5365 6172 6368 2533 | e%3cUserSearch%3
000008F0 | 6559 6573 2533 632F 5573 6572 5365 6172 | eYes%3c/UserSear
00000900 | 6368 2533 6525 3363 496E 7374 4F70 7469 | ch%3e%3cInstOpti
00000910 | 6F6E 2533 6554 7970 6963 616C 2533 632F | on%3eTypical%3c/
00000920 | 496E 7374 4F70 7469 6F6E 2533 6525 3363 | InstOption%3e%3c
00000930 | 436C 6965 6E74 5665 7225 3365 312E 3830 | ClientVer%3e1.80
00000940 | 2E30 2E31 3036 3131 3725 3363 2F43 6C69 | .0.106117%3c/Cli
00000950 | 656E 7456 6572 2533 6525 3363 436C 6965 | entVer%3e%3cClie
00000960 | 6E74 5479 7065 2533 654E 6577 2533 632F | ntType%3eNew%3c/
00000970 | 436C 6965 6E74 5479 7065 2533 6525 3363 | ClientType%3e%3c
00000980 | 2F44 6174 6125 3365                     | /Data%3e
00000000 | 7573 6572 4669 6C65 3D30 2535 4535 3936 | userFile=0%5E596
00000010 | 3525 3545 3944 4539 3336 3443 3745 3436 | 5%5E9DE9364C7E46
00000020 | 3442 4544 4235 4243 4546 3845 3736 3939 | 4BEDB5BCEF8E7699
00000030 | 3039 3833 2535 4532 3031 3130 3531 3725 | 0983%5E20110517%
00000040 | 3545 4D6F 7A69 6C6C 6125 3246 342E 3025 | 5EMozilla%2F4.0%
00000050 | 3230 2863 6F6D 7061 7469 626C 6525 3342 | 20(compatible%3B
00000060 | 2532 304D 5349 4525 3230 362E 3025 3342 | %20MSIE%206.0%3B
00000070 | 2532 3057 696E 646F 7773 2532 304E 5425 | %20Windows%20NT%
00000080 | 3230 352E 3125 3342 2532 3053 5631 2533 | 205.1%3B%20SV1%3
00000090 | 4225 3230 2E4E 4554 2532 3043 4C52 2532 | B%20.NET%20CLR%2
000000A0 | 3032 2E30 2E35 3037 3237 2925 3545 656E | 02.0.50727)%5Een
000000B0 | 2535 4534 2E31 2E30 2E30 3125 3545 7365 | %5E4.1.0.01%5Ese
000000C0 | 6172 6368 7175 746F 6F6C 6261 7225 3545 | archqutoolbar%5E
000000D0 | 3336 3037 7E31 2535 4531 3730 3531 3525 | 3607~1%5E170515%
000000E0 | 3545 3125 3545 5F7E 7E                  | 5E1%5E_~~

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.