Technical Information
To ensure autorun and distribution
Sets the following service settings
- [HKLM\System\CurrentControlSet\Services\EASL AVI Tool Box 11.2.46] 'Start' = '00000002'
- [HKLM\System\CurrentControlSet\Services\EASL AVI Tool Box 11.2.46] 'ImagePath' = '%ALLUSERSPROFILE%\EASL AVI Tool Box 11.2.46\EASL AVI Tool Box 11.2.46.exe'
Creates the following services
- 'EASL AVI Tool Box 11.2.46' %ALLUSERSPROFILE%\EASL AVI Tool Box 11.2.46\EASL AVI Tool Box 11.2.46.exe
Modifies file system
Creates the following files
- %TEMP%\is-nhj61.tmp\<File name>.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-s5tte.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-7kaor.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-ejjtj.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-rft4p.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-mge7f.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-d7f88.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-ilel8.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-p8a1m.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-4c7la.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-6h0f8.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-9g5ef.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-82ssi.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-isnle.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-i6t92.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-72sre.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-8ilno.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-gt0nc.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-2jac8.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\avitb32.exe
- %LOCALAPPDATA%\avitoolbox 4.20\is-njcl2.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\unins000.dat
- %LOCALAPPDATA%\avitoolbox 4.20\is-mjvbo.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-uljn5.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-74qut.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-tnsn9.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-6a721.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-jc4d1.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\language\is-ihmds.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-l9uol.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-aomjk.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-n3o54.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-sdt2s.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-e4ke3.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-f2hnp.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-2rqtp.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-ummmq.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-7tcp5.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-fv0pp.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\language\is-pbb4u.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\language\is-d2bt9.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\language\is-sbmgm.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\microsoft.windows.common-controls\is-bdi5t.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.mfc\is-d304j.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.mfc\is-lov5p.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.mfc\is-f6d8s.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.mfc\is-c2hbb.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.mfc\is-5o40m.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\language\is-1t6rt.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.crt\is-65stj.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.crt\is-bibsr.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.crt\is-akt8p.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-nudkk.tmp
- %TEMP%\is-ovkek.tmp\_isetup\_iscrypt.dll
- %TEMP%\is-ovkek.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-ovkek.tmp\_isetup\_setup64.tmp
- %TEMP%\is-ovkek.tmp\_isetup\_regdll.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.crt\is-4tvde.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\language\is-9juc1.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\language\is-jiqo5.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\language\is-o16ol.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\language\is-q23gu.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\language\is-ugg65.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\language\is-u2odl.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\language\is-0fe30.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\language\is-q4ait.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\language\is-91d3u.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\language\is-1dkbd.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\language\is-tr7id.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\language\is-gilhh.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\language\is-ivn9i.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\language\is-mq4du.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\language\is-sb4h2.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\language\is-qvqoh.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\language\is-86im9.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\language\is-bh7rf.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\language\is-vv62o.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\language\is-lo5u9.tmp
- %ALLUSERSPROFILE%\easl avi tool box 11.2.46\easl avi tool box 11.2.46.exe
Deletes the following files
- %LOCALAPPDATA%\avitoolbox 4.20\verify.dll
Moves the following files
- from %LOCALAPPDATA%\avitoolbox 4.20\is-nudkk.tmp to %LOCALAPPDATA%\avitoolbox 4.20\unins000.exe
- from %LOCALAPPDATA%\avitoolbox 4.20\is-ejjtj.tmp to %LOCALAPPDATA%\avitoolbox 4.20\postproc-51.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\is-rft4p.tmp to %LOCALAPPDATA%\avitoolbox 4.20\encodesettings.ini
- from %LOCALAPPDATA%\avitoolbox 4.20\is-mge7f.tmp to %LOCALAPPDATA%\avitoolbox 4.20\intelhw.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\is-d7f88.tmp to %LOCALAPPDATA%\avitoolbox 4.20\nvencoderkernel.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\is-ilel8.tmp to %LOCALAPPDATA%\avitoolbox 4.20\cudaencoderkernel.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\is-s5tte.tmp to %LOCALAPPDATA%\avitoolbox 4.20\recwin7.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\is-4c7la.tmp to %LOCALAPPDATA%\avitoolbox 4.20\capture.wav
- from %LOCALAPPDATA%\avitoolbox 4.20\is-6h0f8.tmp to %LOCALAPPDATA%\avitoolbox 4.20\avutil-52.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\is-9g5ef.tmp to %LOCALAPPDATA%\avitoolbox 4.20\avformat.ini
- from %LOCALAPPDATA%\avitoolbox 4.20\is-82ssi.tmp to %LOCALAPPDATA%\avitoolbox 4.20\postproc-52.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\is-isnle.tmp to %LOCALAPPDATA%\avitoolbox 4.20\avdevice-55.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\is-i6t92.tmp to %LOCALAPPDATA%\avitoolbox 4.20\audioresample.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\is-72sre.tmp to %LOCALAPPDATA%\avitoolbox 4.20\bitmap2avi.dll.intermediate.manifest
- from %LOCALAPPDATA%\avitoolbox 4.20\is-gt0nc.tmp to %LOCALAPPDATA%\avitoolbox 4.20\camcapture.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\language\is-1dkbd.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\waverec_russian.ini
- from %LOCALAPPDATA%\avitoolbox 4.20\is-p8a1m.tmp to %LOCALAPPDATA%\avitoolbox 4.20\screenhook.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\is-tnsn9.tmp to %LOCALAPPDATA%\avitoolbox 4.20\istask.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\is-6a721.tmp to %LOCALAPPDATA%\avitoolbox 4.20\apngdecoder.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\is-jc4d1.tmp to %LOCALAPPDATA%\avitoolbox 4.20\servicectrl.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\is-l9uol.tmp to %LOCALAPPDATA%\avitoolbox 4.20\installhelp.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\is-2jac8.tmp to %LOCALAPPDATA%\avitoolbox 4.20\ve64.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\is-aomjk.tmp to %LOCALAPPDATA%\avitoolbox 4.20\ve32.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\is-8ilno.tmp to %LOCALAPPDATA%\avitoolbox 4.20\pthreadvc2.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\is-7kaor.tmp to %LOCALAPPDATA%\avitoolbox 4.20\pthreadgc2.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\is-e4ke3.tmp to %LOCALAPPDATA%\avitoolbox 4.20\xvidcore.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\is-f2hnp.tmp to %LOCALAPPDATA%\avitoolbox 4.20\waverec.ini
- from %LOCALAPPDATA%\avitoolbox 4.20\is-2rqtp.tmp to %LOCALAPPDATA%\avitoolbox 4.20\waverec.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\is-ummmq.tmp to %LOCALAPPDATA%\avitoolbox 4.20\utlis.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\is-njcl2.tmp to %LOCALAPPDATA%\avitoolbox 4.20\textdlg.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\is-fv0pp.tmp to %LOCALAPPDATA%\avitoolbox 4.20\swscale-2.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\is-sdt2s.tmp to %LOCALAPPDATA%\avitoolbox 4.20\magicskin.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\is-7tcp5.tmp to %LOCALAPPDATA%\avitoolbox 4.20\swresample-0.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\language\is-ihmds.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\autosettings_spanish.ini
- from %LOCALAPPDATA%\avitoolbox 4.20\language\is-pbb4u.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\autosettings_russian.ini
- from %LOCALAPPDATA%\avitoolbox 4.20\language\is-tr7id.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\autosettings_portugues.ini
- from %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.mfc\is-f6d8s.tmp to %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.mfc\mfcm90.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.crt\is-akt8p.tmp to %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.crt\microsoft.vc90.crt.manifest
- from %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.crt\is-bibsr.tmp to %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.crt\msvcm90.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.crt\is-4tvde.tmp to %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.crt\msvcp90.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.crt\is-65stj.tmp to %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.crt\msvcr90.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.mfc\is-5o40m.tmp to %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.mfc\mfc90.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\is-uljn5.tmp to %LOCALAPPDATA%\avitoolbox 4.20\gsdownload.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.mfc\is-c2hbb.tmp to %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.mfc\mfc90u.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\language\is-o16ol.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\italian.ini
- from %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.mfc\is-d304j.tmp to %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.mfc\microsoft.vc90.mfc.manifest
- from %LOCALAPPDATA%\avitoolbox 4.20\microsoft.windows.common-controls\is-bdi5t.tmp to %LOCALAPPDATA%\avitoolbox 4.20\microsoft.windows.common-controls\comctl32.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\language\is-sbmgm.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\chinese(traditional).ini
- from %LOCALAPPDATA%\avitoolbox 4.20\language\is-1t6rt.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\english.ini
- from %LOCALAPPDATA%\avitoolbox 4.20\language\is-lo5u9.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\frence.ini
- from %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.mfc\is-lov5p.tmp to %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.mfc\mfcm90u.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\is-n3o54.tmp to %LOCALAPPDATA%\avitoolbox 4.20\verify.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\language\is-vv62o.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\portugues.ini
- from %LOCALAPPDATA%\avitoolbox 4.20\language\is-qvqoh.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\waverec_chinese(traditional).ini
- from %LOCALAPPDATA%\avitoolbox 4.20\language\is-bh7rf.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\russian.ini
- from %LOCALAPPDATA%\avitoolbox 4.20\language\is-jiqo5.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\autosettings_italian.ini
- from %LOCALAPPDATA%\avitoolbox 4.20\language\is-q23gu.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\autosettings_japanese.ini
- from %LOCALAPPDATA%\avitoolbox 4.20\language\is-ugg65.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\autosettings_frence.ini
- from %LOCALAPPDATA%\avitoolbox 4.20\language\is-u2odl.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\autosettings_english.ini
- from %LOCALAPPDATA%\avitoolbox 4.20\language\is-0fe30.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\autosettings_chinese(traditional).ini
- from %LOCALAPPDATA%\avitoolbox 4.20\language\is-86im9.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\spanish.ini
- from %LOCALAPPDATA%\avitoolbox 4.20\language\is-q4ait.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\index.ini
- from %LOCALAPPDATA%\avitoolbox 4.20\language\is-d2bt9.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\japanese.ini
- from %LOCALAPPDATA%\avitoolbox 4.20\language\is-gilhh.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\waverec_portugues.ini
- from %LOCALAPPDATA%\avitoolbox 4.20\language\is-9juc1.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\waverec_italian.ini
- from %LOCALAPPDATA%\avitoolbox 4.20\language\is-ivn9i.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\waverec_japanese.ini
- from %LOCALAPPDATA%\avitoolbox 4.20\language\is-mq4du.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\waverec_frence.ini
- from %LOCALAPPDATA%\avitoolbox 4.20\language\is-sb4h2.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\waverec_english.ini
- from %LOCALAPPDATA%\avitoolbox 4.20\language\is-91d3u.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\waverec_spanish.ini
- from %LOCALAPPDATA%\avitoolbox 4.20\is-mjvbo.tmp to %LOCALAPPDATA%\avitoolbox 4.20\avitb32.exe
Substitutes the following files
- %LOCALAPPDATA%\avitoolbox 4.20\verify.dll
Miscellaneous
Searches for the following windows
- ClassName: 'fad45_aviTB_1124_fad45' WindowName: ''
Creates and executes the following
- '%TEMP%\is-nhj61.tmp\<File name>.tmp' /SL5="$5024C,5421245,54272,<Full path to file>"
- '%LOCALAPPDATA%\avitoolbox 4.20\avitb32.exe' -i
