Technical Information
To ensure autorun and distribution
Sets the following service settings
- [HKLM\System\CurrentControlSet\Services\EASL AVI Tool Box 11.2.46] 'Start' = '00000002'
- [HKLM\System\CurrentControlSet\Services\EASL AVI Tool Box 11.2.46] 'ImagePath' = '%ALLUSERSPROFILE%\EASL AVI Tool Box 11.2.46\EASL AVI Tool Box 11.2.46.exe'
Creates the following services
- 'EASL AVI Tool Box 11.2.46' %ALLUSERSPROFILE%\EASL AVI Tool Box 11.2.46\EASL AVI Tool Box 11.2.46.exe
Modifies file system
Creates the following files
- %TEMP%\is-jnrnf.tmp\<File name>.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-k8ebt.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-v859l.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-ivk8r.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-o8vdn.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-efjji.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-c9e3p.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-lf87f.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-9s7ef.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-fv1u2.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-f8na3.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-9arbn.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-hvoin.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-5j7k5.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-udiht.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-0b2pt.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-gcviu.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-67h87.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-soboi.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\avitb32.exe
- %LOCALAPPDATA%\avitoolbox 4.20\is-djpb1.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\unins000.dat
- %LOCALAPPDATA%\avitoolbox 4.20\is-n0me9.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-9277i.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-jvcn9.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-rbpef.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-39re5.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-ij6to.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\language\is-tl15j.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-snk2n.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-ka8rv.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-c290a.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-r4hq7.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-ruiel.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-cps90.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-6s4vg.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-0j912.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-bq7fj.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-tjsqf.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\language\is-7rd4c.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\language\is-p4it4.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\language\is-7fpo3.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\microsoft.windows.common-controls\is-7hni3.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.mfc\is-5puuu.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.mfc\is-irh1o.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.mfc\is-nc4f5.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.mfc\is-5k62g.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.mfc\is-cgsl7.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\language\is-coglf.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.crt\is-g2i3j.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.crt\is-05gnj.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.crt\is-bqlfk.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\is-7m9m9.tmp
- %TEMP%\is-ca362.tmp\_isetup\_iscrypt.dll
- %TEMP%\is-ca362.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-ca362.tmp\_isetup\_setup64.tmp
- %TEMP%\is-ca362.tmp\_isetup\_regdll.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.crt\is-1m2dn.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\language\is-vlr5h.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\language\is-32vq0.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\language\is-2fuqa.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\language\is-jq4eq.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\language\is-ojpuq.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\language\is-1e0os.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\language\is-bn8n4.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\language\is-i7661.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\language\is-h5rif.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\language\is-nb567.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\language\is-a0iq6.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\language\is-vcadj.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\language\is-1qe4i.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\language\is-h0tme.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\language\is-kafkl.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\language\is-bjabh.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\language\is-hdhec.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\language\is-sef1p.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\language\is-qdnnh.tmp
- %LOCALAPPDATA%\avitoolbox 4.20\language\is-2774h.tmp
- %ALLUSERSPROFILE%\easl avi tool box 11.2.46\easl avi tool box 11.2.46.exe
Deletes the following files
- %LOCALAPPDATA%\avitoolbox 4.20\verify.dll
Moves the following files
- from %LOCALAPPDATA%\avitoolbox 4.20\is-7m9m9.tmp to %LOCALAPPDATA%\avitoolbox 4.20\unins000.exe
- from %LOCALAPPDATA%\avitoolbox 4.20\is-ivk8r.tmp to %LOCALAPPDATA%\avitoolbox 4.20\postproc-51.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\is-o8vdn.tmp to %LOCALAPPDATA%\avitoolbox 4.20\encodesettings.ini
- from %LOCALAPPDATA%\avitoolbox 4.20\is-efjji.tmp to %LOCALAPPDATA%\avitoolbox 4.20\intelhw.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\is-c9e3p.tmp to %LOCALAPPDATA%\avitoolbox 4.20\nvencoderkernel.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\is-lf87f.tmp to %LOCALAPPDATA%\avitoolbox 4.20\cudaencoderkernel.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\is-k8ebt.tmp to %LOCALAPPDATA%\avitoolbox 4.20\recwin7.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\is-fv1u2.tmp to %LOCALAPPDATA%\avitoolbox 4.20\capture.wav
- from %LOCALAPPDATA%\avitoolbox 4.20\is-f8na3.tmp to %LOCALAPPDATA%\avitoolbox 4.20\avutil-52.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\is-9arbn.tmp to %LOCALAPPDATA%\avitoolbox 4.20\avformat.ini
- from %LOCALAPPDATA%\avitoolbox 4.20\is-hvoin.tmp to %LOCALAPPDATA%\avitoolbox 4.20\postproc-52.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\is-5j7k5.tmp to %LOCALAPPDATA%\avitoolbox 4.20\avdevice-55.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\is-udiht.tmp to %LOCALAPPDATA%\avitoolbox 4.20\audioresample.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\is-0b2pt.tmp to %LOCALAPPDATA%\avitoolbox 4.20\bitmap2avi.dll.intermediate.manifest
- from %LOCALAPPDATA%\avitoolbox 4.20\is-67h87.tmp to %LOCALAPPDATA%\avitoolbox 4.20\camcapture.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\language\is-nb567.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\waverec_russian.ini
- from %LOCALAPPDATA%\avitoolbox 4.20\is-9s7ef.tmp to %LOCALAPPDATA%\avitoolbox 4.20\screenhook.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\is-rbpef.tmp to %LOCALAPPDATA%\avitoolbox 4.20\istask.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\is-39re5.tmp to %LOCALAPPDATA%\avitoolbox 4.20\apngdecoder.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\is-ij6to.tmp to %LOCALAPPDATA%\avitoolbox 4.20\servicectrl.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\is-snk2n.tmp to %LOCALAPPDATA%\avitoolbox 4.20\installhelp.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\is-soboi.tmp to %LOCALAPPDATA%\avitoolbox 4.20\ve64.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\is-ka8rv.tmp to %LOCALAPPDATA%\avitoolbox 4.20\ve32.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\is-gcviu.tmp to %LOCALAPPDATA%\avitoolbox 4.20\pthreadvc2.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\is-v859l.tmp to %LOCALAPPDATA%\avitoolbox 4.20\pthreadgc2.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\is-ruiel.tmp to %LOCALAPPDATA%\avitoolbox 4.20\xvidcore.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\is-cps90.tmp to %LOCALAPPDATA%\avitoolbox 4.20\waverec.ini
- from %LOCALAPPDATA%\avitoolbox 4.20\is-6s4vg.tmp to %LOCALAPPDATA%\avitoolbox 4.20\waverec.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\is-0j912.tmp to %LOCALAPPDATA%\avitoolbox 4.20\utlis.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\is-djpb1.tmp to %LOCALAPPDATA%\avitoolbox 4.20\textdlg.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\is-tjsqf.tmp to %LOCALAPPDATA%\avitoolbox 4.20\swscale-2.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\is-r4hq7.tmp to %LOCALAPPDATA%\avitoolbox 4.20\magicskin.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\is-bq7fj.tmp to %LOCALAPPDATA%\avitoolbox 4.20\swresample-0.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\language\is-tl15j.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\autosettings_spanish.ini
- from %LOCALAPPDATA%\avitoolbox 4.20\language\is-7rd4c.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\autosettings_russian.ini
- from %LOCALAPPDATA%\avitoolbox 4.20\language\is-a0iq6.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\autosettings_portugues.ini
- from %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.mfc\is-nc4f5.tmp to %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.mfc\mfcm90.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.crt\is-bqlfk.tmp to %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.crt\microsoft.vc90.crt.manifest
- from %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.crt\is-05gnj.tmp to %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.crt\msvcm90.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.crt\is-1m2dn.tmp to %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.crt\msvcp90.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.crt\is-g2i3j.tmp to %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.crt\msvcr90.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.mfc\is-cgsl7.tmp to %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.mfc\mfc90.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\is-9277i.tmp to %LOCALAPPDATA%\avitoolbox 4.20\gsdownload.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.mfc\is-5k62g.tmp to %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.mfc\mfc90u.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\language\is-2fuqa.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\italian.ini
- from %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.mfc\is-5puuu.tmp to %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.mfc\microsoft.vc90.mfc.manifest
- from %LOCALAPPDATA%\avitoolbox 4.20\microsoft.windows.common-controls\is-7hni3.tmp to %LOCALAPPDATA%\avitoolbox 4.20\microsoft.windows.common-controls\comctl32.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\language\is-7fpo3.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\chinese(traditional).ini
- from %LOCALAPPDATA%\avitoolbox 4.20\language\is-coglf.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\english.ini
- from %LOCALAPPDATA%\avitoolbox 4.20\language\is-2774h.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\frence.ini
- from %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.mfc\is-irh1o.tmp to %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.mfc\mfcm90u.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\is-c290a.tmp to %LOCALAPPDATA%\avitoolbox 4.20\verify.dll
- from %LOCALAPPDATA%\avitoolbox 4.20\language\is-qdnnh.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\portugues.ini
- from %LOCALAPPDATA%\avitoolbox 4.20\language\is-bjabh.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\waverec_chinese(traditional).ini
- from %LOCALAPPDATA%\avitoolbox 4.20\language\is-sef1p.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\russian.ini
- from %LOCALAPPDATA%\avitoolbox 4.20\language\is-32vq0.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\autosettings_italian.ini
- from %LOCALAPPDATA%\avitoolbox 4.20\language\is-jq4eq.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\autosettings_japanese.ini
- from %LOCALAPPDATA%\avitoolbox 4.20\language\is-ojpuq.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\autosettings_frence.ini
- from %LOCALAPPDATA%\avitoolbox 4.20\language\is-1e0os.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\autosettings_english.ini
- from %LOCALAPPDATA%\avitoolbox 4.20\language\is-bn8n4.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\autosettings_chinese(traditional).ini
- from %LOCALAPPDATA%\avitoolbox 4.20\language\is-hdhec.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\spanish.ini
- from %LOCALAPPDATA%\avitoolbox 4.20\language\is-i7661.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\index.ini
- from %LOCALAPPDATA%\avitoolbox 4.20\language\is-p4it4.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\japanese.ini
- from %LOCALAPPDATA%\avitoolbox 4.20\language\is-vcadj.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\waverec_portugues.ini
- from %LOCALAPPDATA%\avitoolbox 4.20\language\is-vlr5h.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\waverec_italian.ini
- from %LOCALAPPDATA%\avitoolbox 4.20\language\is-1qe4i.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\waverec_japanese.ini
- from %LOCALAPPDATA%\avitoolbox 4.20\language\is-h0tme.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\waverec_frence.ini
- from %LOCALAPPDATA%\avitoolbox 4.20\language\is-kafkl.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\waverec_english.ini
- from %LOCALAPPDATA%\avitoolbox 4.20\language\is-h5rif.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\waverec_spanish.ini
- from %LOCALAPPDATA%\avitoolbox 4.20\is-n0me9.tmp to %LOCALAPPDATA%\avitoolbox 4.20\avitb32.exe
Substitutes the following files
- %LOCALAPPDATA%\avitoolbox 4.20\verify.dll
Miscellaneous
Searches for the following windows
- ClassName: 'r56d1_aviTB_1124_r56d1' WindowName: ''
Creates and executes the following
- '%TEMP%\is-jnrnf.tmp\<File name>.tmp' /SL5="$50246,5421338,54272,<Full path to file>"
- '%LOCALAPPDATA%\avitoolbox 4.20\avitb32.exe' -i
