Gen.Trojan.Heur.DqWrHOCt1pif_2306813bc2
UDS:DangerousObject.Multi.Generic (Kaspersky), Gen:Trojan.Heur.DqW@rHOCt1pif (B) (Emsisoft), Gen:Trojan.Heur.DqW@rHOCt1pif (AdAware), ZeroAccess.YR (Lavasoft MAS)
Behaviour: Trojan
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
| Requires JavaScript enabled! |
|---|
MD5: 2306813bc237cf7655ed3ebc0cc79b40
SHA1: 061defb8f6cfd9ec8f107eea84698dc0a48ad364
SHA256: 4b8c4b03bd78f2cc8dd00e14721e07daecfeac0994faef1a2edaf4490ce8dd72
SSDeep: 12288:udCD1uwO1QaPQQ04E4STX/DQcvPJgB15sC7Clip4gU2j0fVsVe:udCD1uw7eK4WDhLlFgU2jaVH
Size: 484864 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2015-01-06 02:36:08
Analyzed on: WindowsXP SP3 32-bit
Summary:
Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Payload
No specific payload has been found.
Process activity
The Trojan creates the following process(es):
%original file name%.exe:216
%original file name%.exe:1788
%original file name%.exe:1140
%original file name%.exe:212
%original file name%.exe:1264
%original file name%.exe:132
%original file name%.exe:492
%original file name%.exe:1948
%original file name%.exe:1776
%original file name%.exe:1836
%original file name%.exe:1220
%original file name%.exe:544
%original file name%.exe:1376
%original file name%.exe:280
%original file name%.exe:548
%original file name%.exe:1916
%original file name%.exe:284
%original file name%.exe:816
%original file name%.exe:408
%original file name%.exe:716
%original file name%.exe:1156
%original file name%.exe:1152
%original file name%.exe:1620
%original file name%.exe:332
%original file name%.exe:1016
%original file name%.exe:1064
%original file name%.exe:928
%original file name%.exe:828
%original file name%.exe:296
%original file name%.exe:824
%original file name%.exe:376
%original file name%.exe:1080
%original file name%.exe:1480
%original file name%.exe:396
%original file name%.exe:268
%original file name%.exe:1716
%original file name%.exe:1520
%original file name%.exe:368
%original file name%.exe:364
%original file name%.exe:916
%original file name%.exe:1392
%original file name%.exe:1236
%original file name%.exe:1232
%original file name%.exe:1336
%original file name%.exe:304
%original file name%.exe:1252
%original file name%.exe:240
%original file name%.exe:388
%original file name%.exe:1436
%original file name%.exe:900
%original file name%.exe:1432
%original file name%.exe:1840
%original file name%.exe:788
%original file name%.exe:1648
%original file name%.exe:1240
%original file name%.exe:1244
%original file name%.exe:516
%original file name%.exe:620
%original file name%.exe:624
%original file name%.exe:1228
%original file name%.exe:1980
%original file name%.exe:1988
%original file name%.exe:652
%original file name%.exe:636
%original file name%.exe:1860
%original file name%.exe:1596
%original file name%.exe:1864
%original file name%.exe:228
%original file name%.exe:1676
%original file name%.exe:220
%original file name%.exe:868
%original file name%.exe:1992
%original file name%.exe:1996
%original file name%.exe:1028
%original file name%.exe:2024
%original file name%.exe:1104
%original file name%.exe:1672
%original file name%.exe:1452
%original file name%.exe:2012
%original file name%.exe:2028
%original file name%.exe:728
%original file name%.exe:1164
%original file name%.exe:1160
%original file name%.exe:884
%original file name%.exe:1816
%original file name%.exe:1056
%original file name%.exe:1536
%original file name%.exe:1964
%original file name%.exe:1960
%original file name%.exe:2036
%original file name%.exe:1792
%original file name%.exe:644
%original file name%.exe:1176
%original file name%.exe:1272
%original file name%.exe:616
%original file name%.exe:1052
%original file name%.exe:1276
%original file name%.exe:1888
%original file name%.exe:484
%original file name%.exe:1608
%original file name%.exe:1604
%original file name%.exe:1472
%original file name%.exe:356
%original file name%.exe:2000
%original file name%.exe:260
%original file name%.exe:352
%original file name%.exe:2004
%original file name%.exe:804
cscript.exe:1788
cscript.exe:216
cscript.exe:1140
cscript.exe:212
cscript.exe:1264
cscript.exe:132
cscript.exe:1300
cscript.exe:1948
cscript.exe:1776
cscript.exe:1836
cscript.exe:1076
cscript.exe:624
cscript.exe:1072
cscript.exe:344
cscript.exe:544
cscript.exe:1376
cscript.exe:1520
cscript.exe:1676
cscript.exe:220
cscript.exe:816
cscript.exe:408
cscript.exe:1792
cscript.exe:1156
cscript.exe:1796
cscript.exe:364
cscript.exe:1824
cscript.exe:1064
cscript.exe:928
cscript.exe:828
cscript.exe:824
cscript.exe:376
cscript.exe:1080
cscript.exe:584
cscript.exe:1920
cscript.exe:396
cscript.exe:1252
cscript.exe:1016
cscript.exe:916
cscript.exe:1392
cscript.exe:1236
cscript.exe:1336
cscript.exe:1136
cscript.exe:240
cscript.exe:388
cscript.exe:1436
cscript.exe:1432
cscript.exe:1840
cscript.exe:788
cscript.exe:1648
cscript.exe:1536
cscript.exe:1244
cscript.exe:432
cscript.exe:516
cscript.exe:1220
cscript.exe:252
cscript.exe:1632
cscript.exe:1980
cscript.exe:1988
cscript.exe:652
cscript.exe:188
cscript.exe:1036
cscript.exe:632
cscript.exe:636
cscript.exe:1860
cscript.exe:1596
cscript.exe:228
cscript.exe:780
cscript.exe:1916
cscript.exe:1992
cscript.exe:1996
cscript.exe:1028
cscript.exe:1104
cscript.exe:1672
cscript.exe:1452
cscript.exe:2012
cscript.exe:728
cscript.exe:1512
cscript.exe:1164
cscript.exe:1160
cscript.exe:884
cscript.exe:1168
cscript.exe:232
cscript.exe:1816
cscript.exe:1056
cscript.exe:1240
cscript.exe:1960
cscript.exe:2032
cscript.exe:716
cscript.exe:1176
cscript.exe:776
cscript.exe:612
cscript.exe:616
cscript.exe:1276
cscript.exe:484
cscript.exe:1976
cscript.exe:1288
cscript.exe:940
cscript.exe:1472
cscript.exe:2000
cscript.exe:476
cscript.exe:352
cscript.exe:1368
cscript.exe:804
The Trojan injects its code into the following process(es):
fGAwoYMM.exe:772
reIEcoQI.exe:556
NesIMIQs.exe:560
Mutexes
The following mutexes were created/opened:
No objects were found.
File activity
The process fGAwoYMM.exe:772 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\adm.bmp.exe (2321 bytes)
C:\totalcmd\TCUNINST.EXE.exe (3073 bytes)
%Documents and Settings%\All Users\Documents\My Music\Sample Music\New Stories (Highway Blues).wma.exe (7726 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Sunset.jpg.exe (3073 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp.exe (2321 bytes)
C:\totalcmd\TOTALCMD.EXE.exe (30812 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\guest.bmp.exe (2321 bytes)
C:\totalcmd\TCMADMIN.EXE.exe (3073 bytes)
C:\totalcmd\TcUsbRun.exe (3073 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\KAAo.txt (55978 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp.exe (3073 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Blue hills.jpg.exe (3073 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Water lilies.jpg.exe (3361 bytes)
C:\totalcmd\TCMDX32.EXE.exe (3361 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Winter.jpg.exe (3361 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Adobe\Reader 9.3\Setup Files\Setup.exe (5441 bytes)
%Documents and Settings%\All Users\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.exe (7433 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp.exe (2321 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp (0 bytes)
C:\totalcmd\TCUNINST.EXE (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp (0 bytes)
%Documents and Settings%\All Users\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp (0 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Sunset.jpg (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp (0 bytes)
%Documents and Settings%\All Users\Documents\My Music\Sample Music\New Stories (Highway Blues).wma (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp (0 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Water lilies.jpg (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp (0 bytes)
C:\totalcmd\TCMADMIN.EXE (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\guest.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\adm.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp (0 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Blue hills.jpg (0 bytes)
C:\totalcmd\TCMDX32.EXE (0 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Winter.jpg (0 bytes)
C:\totalcmd\TOTALCMD.EXE (0 bytes)
The process %original file name%.exe:216 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\hoIEkYIc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\wycsYQow.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HYIcAQYI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\oOkEkAww.bat (112 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (160 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\vEIEQYgE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BkEoEMMs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\oiQYwgAE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HQAQcUIc.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\vEIEQYgE.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BkEoEMMs.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\oiQYwgAE.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HQAQcUIc.bat (0 bytes)
The process %original file name%.exe:1788 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\2306813bc237cf7655ed3ebc0cc79b40 (40 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MeQQwwEo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dKcIgYcY.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\MeQQwwEo.bat (0 bytes)
The process %original file name%.exe:1140 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\PYMosgcY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pawkkYMY.bat (112 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (40 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\PYMosgcY.bat (0 bytes)
The process %original file name%.exe:212 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\RAsQAkoA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qussMUkI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\NyMAQQIQ.bat (4 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (80 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZwEIsoso.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\RAsQAkoA.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\NyMAQQIQ.bat (0 bytes)
The process %original file name%.exe:1264 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\OWUUsoco.bat (112 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (40 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QuMokwgs.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\QuMokwgs.bat (0 bytes)
The process %original file name%.exe:132 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\jCkAwwEs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RIEYAQcM.bat (112 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (40 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\jCkAwwEs.bat (0 bytes)
The process %original file name%.exe:492 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\XooEMsUM.bat (4 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (40 bytes)
The process %original file name%.exe:1948 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\IqMgsAww.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DcIcIscw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bukgwwsY.bat (112 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (80 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BcsQkUEU.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\IqMgsAww.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BcsQkUEU.bat (0 bytes)
The process %original file name%.exe:1776 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\rMwEYcUI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\eeYIUQYg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZKYocIws.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\AywAwkoQ.bat (112 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (80 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\rMwEYcUI.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\eeYIUQYg.bat (0 bytes)
The process %original file name%.exe:1836 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\fKAkscsI.bat (4 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (40 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rmYMUkEA.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\fKAkscsI.bat (0 bytes)
The process %original file name%.exe:1220 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\IkAEUwIE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FQUQQwkY.bat (112 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (40 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\IkAEUwIE.bat (0 bytes)
The process %original file name%.exe:544 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\rkQUAoAs.bat (112 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (40 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\eEwsocMc.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\eEwsocMc.bat (0 bytes)
The process %original file name%.exe:1376 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\goAsAAEw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PSEMMgsA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kikoAUsU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\uWcsQAss.bat (4 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (80 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\PSEMMgsA.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\uWcsQAss.bat (0 bytes)
The process %original file name%.exe:280 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\XUIAEIkY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qiEQcsQY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JMcwUkkY.bat (4 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (80 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VukAwUYs.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\XUIAEIkY.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JMcwUkkY.bat (0 bytes)
The process %original file name%.exe:548 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\McYAswoA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GeQsUcEg.bat (112 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (120 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\wsQskIYk.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ygUMYowU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xiMQMQUI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gmUQQYAY.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\wsQskIYk.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xiMQMQUI.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gmUQQYAY.bat (0 bytes)
The process %original file name%.exe:1916 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\YqYIUIsc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dEkoAQMg.bat (112 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (40 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\YqYIUIsc.bat (0 bytes)
The process %original file name%.exe:284 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\gOUQMUIE.bat (112 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (40 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TGEAIYMo.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\TGEAIYMo.bat (0 bytes)
The process %original file name%.exe:816 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\HYgMkgUE.bat (4 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (40 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PUMQcUkg.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\HYgMkgUE.bat (0 bytes)
The process %original file name%.exe:408 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\jOgsAsUQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JIAIYgsc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KkYYUEUk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qqcoosYI.bat (4 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (160 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WMYkkwUA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RScYAkAc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pIIsssgg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VoAookMI.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\WMYkkwUA.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qqcoosYI.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RScYAkAc.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VoAookMI.bat (0 bytes)
The process %original file name%.exe:716 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\GSMMIIwo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UyMUIogo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fmUoYsQE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CqgEgsQg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\oigUcUAM.bat (112 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (160 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\oecIMUYI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HMYkMEoU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\hAQAAUMw.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\GSMMIIwo.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UyMUIogo.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CqgEgsQg.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fmUoYsQE.bat (0 bytes)
The process %original file name%.exe:1156 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\xkUkoQoo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FSkwcgww.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IcosAoow.bat (4 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (80 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lyskkcQQ.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\FSkwcgww.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IcosAoow.bat (0 bytes)
The process %original file name%.exe:1152 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\CwckksIE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MSwAgoEQ.bat (112 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (40 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\CwckksIE.bat (0 bytes)
The process %original file name%.exe:1620 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\cywQEoQE.bat (4 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (40 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\neQkkAMo.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\cywQEoQE.bat (0 bytes)
The process %original file name%.exe:332 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\YOEcwYYI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dcsEYcsM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ReQIcokI.bat (112 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (80 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TcgUEQws.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\dcsEYcsM.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TcgUEQws.bat (0 bytes)
The process %original file name%.exe:1016 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ukwkcIMQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PyYAUAQQ.bat (4 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (40 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\PyYAUAQQ.bat (0 bytes)
The process %original file name%.exe:1064 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\KCcgoEgQ.bat (112 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (40 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HcIsoEEg.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\HcIsoEEg.bat (0 bytes)
The process %original file name%.exe:928 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\EWoAQogI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\OKcoAQoA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\wgUcUIQI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nWEMkQcs.bat (4 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (80 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\OKcoAQoA.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nWEMkQcs.bat (0 bytes)
The process %original file name%.exe:828 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\FWAEwIoY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JCwMokEs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xwIYwgEQ.bat (4 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (80 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BeIkoggo.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\xwIYwgEQ.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FWAEwIoY.bat (0 bytes)
The process %original file name%.exe:296 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\AGIoEMYQ.bat (4 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (40 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\hUQwcwoI.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\AGIoEMYQ.bat (0 bytes)
The process %original file name%.exe:824 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\KyQEgcYo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qYYgwgks.bat (112 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (40 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\KyQEgcYo.bat (0 bytes)
The process %original file name%.exe:376 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\FGUIYcgo.bat (4 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (40 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XyEEQwcY.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\FGUIYcgo.bat (0 bytes)
The process %original file name%.exe:1080 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\xekAIgkM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qWUQoAwQ.bat (112 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (120 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\riIYkwUc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XuAwwAII.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\YEEcQcoU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\jeEQsEgw.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\xekAIgkM.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\riIYkwUc.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XuAwwAII.bat (0 bytes)
The process %original file name%.exe:1480 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\vkwAIsYw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pkQYQAsA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GewgAEEg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pIUkMskg.bat (4 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (120 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FcoUAEIk.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\luoMoAwo.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\FcoUAEIk.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pkQYQAsA.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pIUkMskg.bat (0 bytes)
The process %original file name%.exe:396 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\JYsogQYE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\iSkwcYUQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JGIwMokQ.bat (4 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (80 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LEsEcMkQ.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\JYsogQYE.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JGIwMokQ.bat (0 bytes)
The process %original file name%.exe:268 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\VoQUYcEE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aqIsUoUk.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rioQUUwY.bat (4 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (120 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IkwUkosk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\wEwwgcQE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\hugwQQgU.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\wEwwgcQE.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aqIsUoUk.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rioQUUwY.bat (0 bytes)
The process %original file name%.exe:1716 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\mMsUoEMk.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gesQIQEs.bat (112 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (120 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FcIYokYE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\heoUsIIU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\sIsQAkAs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ReQkEkoc.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\heoUsIIU.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\sIsQAkAs.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mMsUoEMk.bat (0 bytes)
The process %original file name%.exe:1520 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\YkAMowko.bat (112 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (40 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VoEIQooY.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\VoEIQooY.bat (0 bytes)
The process %original file name%.exe:368 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\KqAkwkQE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MycMUcEs.bat (4 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (40 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\MycMUcEs.bat (0 bytes)
The process %original file name%.exe:364 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\KMgsQYMc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JcwQEgMI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WQcYwAYQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\iyckwoUY.bat (112 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (120 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XeMkEogA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TuEksMss.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\XeMkEogA.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TuEksMss.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WQcYwAYQ.bat (0 bytes)
The process %original file name%.exe:916 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\yykMIcQQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DCoUMoMY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\sWYUMUQw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HGMooMQY.bat (112 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (80 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\DCoUMoMY.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\sWYUMUQw.bat (0 bytes)
The process %original file name%.exe:1392 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\lSYUEcEE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\uMIEgscc.bat (112 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (40 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\lSYUEcEE.bat (0 bytes)
The process %original file name%.exe:1236 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\VaYEgYAw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LiAYggcA.bat (4 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (40 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\LiAYggcA.bat (0 bytes)
The process %original file name%.exe:1232 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\hysoMkEU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PiIIsYMA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JMMcIwkQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gmEMEsMM.bat (112 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (160 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ciYQIAUo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\yowMIEYk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\uQcsccYk.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\wuQoYMQI.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ciYQIAUo.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JMMcIwkQ.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\wuQoYMQI.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\uQcsccYk.bat (0 bytes)
The process %original file name%.exe:1336 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\PagowEkw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bOQIUMQk.bat (112 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (80 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GiEgIUsY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fOAYoYMo.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\PagowEkw.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GiEgIUsY.bat (0 bytes)
The process %original file name%.exe:304 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\iKcYYIYM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xagcMYQk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ogkIwEww.bat (112 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (80 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\hwcwowkE.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\iKcYYIYM.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\hwcwowkE.bat (0 bytes)
The process %original file name%.exe:1252 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\Rcgkwcso.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xqYgsEIM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RAQwAMkA.bat (112 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (80 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\jyMMwYEA.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\Rcgkwcso.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\jyMMwYEA.bat (0 bytes)
The process %original file name%.exe:240 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\oqcwQAcM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JuwYIYog.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IIIkcMoY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HWEMIQso.bat (112 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (80 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\JuwYIYog.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IIIkcMoY.bat (0 bytes)
The process %original file name%.exe:388 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ueUMwMQw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\yocskgkU.bat (112 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (40 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ueUMwMQw.bat (0 bytes)
The process %original file name%.exe:1436 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\xiwMUwQE.bat (112 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (40 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\NMIEccIk.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\NMIEccIk.bat (0 bytes)
The process %original file name%.exe:900 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\xSgMgYgc.bat (4 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (40 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TsAsAggU.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\xSgMgYgc.bat (0 bytes)
The process %original file name%.exe:1432 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\CCwcssgw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\cGsoAMos.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GiwAUIUs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mqssEMMI.bat (4 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (80 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\CCwcssgw.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mqssEMMI.bat (0 bytes)
The process %original file name%.exe:1840 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\eosYAEUU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FgksMgsw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SmkkUcgA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PIAcMoEw.bat (112 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (80 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\FgksMgsw.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SmkkUcgA.bat (0 bytes)
The process %original file name%.exe:788 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\CmMcgwoM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\NigccAQQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JoIMwgMQ.bat (4 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (120 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qWwkQAEY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TSsEYkMQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\muwgcQsg.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\CmMcgwoM.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JoIMwgMQ.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TSsEYkMQ.bat (0 bytes)
The process %original file name%.exe:1648 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\EOkUsocg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xYcMwgME.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GGgIEEkw.bat (4 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (80 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XIEcwkwE.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\EOkUsocg.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GGgIEEkw.bat (0 bytes)
The process %original file name%.exe:1240 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\zoskEgUE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\EUAcEkAw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\AKskwIkM.bat (4 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (80 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JcckccAY.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\zoskEgUE.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\AKskwIkM.bat (0 bytes)
The process %original file name%.exe:1244 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\FcIEEEQk.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\keQcwQwc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\reYEkcEs.bat (112 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (80 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fiIkgAgM.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\FcIEEEQk.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\keQcwQwc.bat (0 bytes)
The process %original file name%.exe:516 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\XwYQAAoA.bat (4 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (40 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rGQEIAgs.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\XwYQAAoA.bat (0 bytes)
The process %original file name%.exe:620 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\All Users\JuwEIgUE\reIEcoQI.exe (3849 bytes)
%Documents and Settings%\%current user%\dUskcAww\fGAwoYMM.exe (3681 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\swcoMkgc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JaoMIIAs.bat (4 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (40 bytes)
%Documents and Settings%\All Users\hcYYccwo\NesIMIQs.exe (3729 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\JaoMIIAs.bat (0 bytes)
The process %original file name%.exe:624 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\jKgcQkMI.bat (112 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (40 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PecAEscg.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\PecAEscg.bat (0 bytes)
The process %original file name%.exe:1228 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\aeEocYcA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\hGIAUUgA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tkoUsQcs.bat (112 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (80 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DkUcwwws.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\aeEocYcA.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DkUcwwws.bat (0 bytes)
The process %original file name%.exe:1980 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\lCooQoIk.bat (112 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (40 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\vsEgMgcc.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\vsEgMgcc.bat (0 bytes)
The process %original file name%.exe:1988 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\buYcAQEQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fkAksQoY.bat (112 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (40 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\buYcAQEQ.bat (0 bytes)
The process %original file name%.exe:652 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\GEEYYooc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ByYwEQYk.bat (112 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (40 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\GEEYYooc.bat (0 bytes)
The process %original file name%.exe:636 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\hqQIIwQU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PuAsoIgM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LqcQAQMM.bat (4 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (80 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RMAkkUkI.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\LqcQAQMM.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\hqQIIwQU.bat (0 bytes)
The process %original file name%.exe:1860 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\qQQYYEAo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DYQQkwUQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rWQAwMsI.bat (112 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (80 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JOkcAMAQ.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\qQQYYEAo.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JOkcAMAQ.bat (0 bytes)
The process %original file name%.exe:1596 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\tmIsQwcI.bat (112 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (40 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\myokMoYM.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\myokMoYM.bat (0 bytes)
The process %original file name%.exe:1864 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\pEsgkQkg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\cYMEIUcs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\OkkIEYUw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\geUQMUgo.bat (112 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (80 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\cYMEIUcs.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\OkkIEYUw.bat (0 bytes)
The process %original file name%.exe:228 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\lWokYEUY.bat (112 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (120 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CYggkQQA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\moAoQQgQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DIIkUsEU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\cWsgwIgU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\zYcEwAMo.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\DIIkUsEU.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\cWsgwIgU.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\zYcEwAMo.bat (0 bytes)
The process %original file name%.exe:1676 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\yAYMwIUc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DQgcEUgs.bat (4 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (40 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\DQgcEUgs.bat (0 bytes)
The process %original file name%.exe:220 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\VIQUwIYY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\NqYkUUsM.bat (112 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (160 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\uoMkIUME.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\hWwYEIkI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\cuIsUIws.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UOMwsQYA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BGIQMoMo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WQUIwgAY.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\uoMkIUME.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\hWwYEIkI.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VIQUwIYY.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\cuIsUIws.bat (0 bytes)
The process %original file name%.exe:868 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\NkwAwYQE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\wmkooIIE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UsUcgsQo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LcAAsIsk.bat (4 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (200 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MsUQcMgQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CuMkIgcU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\eysoEMUw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ciEYoUws.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WGEMooIs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SkkEMYkc.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\MsUQcMgQ.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LcAAsIsk.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\wmkooIIE.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WGEMooIs.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SkkEMYkc.bat (0 bytes)
The process %original file name%.exe:1992 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\AUoAcEss.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CqssYIQU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kEAAsggk.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\roQUEQIk.bat (4 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (80 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\roQUEQIk.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kEAAsggk.bat (0 bytes)
The process %original file name%.exe:1996 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\UqkoQsss.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\guEMkwAw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\voIIoogY.bat (4 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (200 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\veMUcAoA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pgEgEogk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UIEcEcsE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WMIkUUMI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\heccSowR.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PgUYEwAM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\yGgIoAMY.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\guEMkwAw.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\yGgIoAMY.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PgUYEwAM.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\voIIoogY.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UqkoQsss.bat (0 bytes)
The process %original file name%.exe:1028 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\mgsgAcUY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MSEYIYUA.bat (112 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (40 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\mgsgAcUY.bat (0 bytes)
The process %original file name%.exe:2024 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\wMcUkEQE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UckgQUgU.bat (4 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (40 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\UckgQUgU.bat (0 bytes)
The process %original file name%.exe:1104 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\mmYQcIAE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZoIkMUQQ.bat (112 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (80 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IgsAwooE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dukEQYUE.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\mmYQcIAE.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IgsAwooE.bat (0 bytes)
The process %original file name%.exe:1672 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\DkMUUkYk.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\wyskIYkw.bat (112 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (40 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\DkMUUkYk.bat (0 bytes)
The process %original file name%.exe:1452 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\MgUEsgEo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\quMsQsAQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\uSMUEgYA.bat (112 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (80 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FiQgswIs.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\MgUEsgEo.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FiQgswIs.bat (0 bytes)
The process %original file name%.exe:2012 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\MAkoAoAI.bat (4 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (120 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\jYIEEocg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PqocAQww.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CukQUEgA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RAsoAMIY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\cEYMEwwA.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\CukQUEgA.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PqocAQww.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MAkoAoAI.bat (0 bytes)
The process %original file name%.exe:2028 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\jyYowsAw.bat (112 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (40 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\NiMUIUEc.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\NiMUIUEc.bat (0 bytes)
The process %original file name%.exe:728 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\2306813bc237cf7655ed3ebc0cc79b40 (40 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gUYskwoE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TckYUckQ.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\gUYskwoE.bat (0 bytes)
The process %original file name%.exe:1164 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\CkgkQAoE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FGkEIwYc.bat (112 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (40 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\CkgkQAoE.bat (0 bytes)
The process %original file name%.exe:1160 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\CCckQAEM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QWEQcgwE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TasoQwAE.bat (4 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (80 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bmscYwAs.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\CCckQAEM.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TasoQwAE.bat (0 bytes)
The process %original file name%.exe:884 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\okswAEEU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DmoUwAsY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nWYgIscM.bat (112 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (80 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RkUsEEAg.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\DmoUwAsY.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RkUsEEAg.bat (0 bytes)
The process %original file name%.exe:1816 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\JEwkEMsw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZSMMgAAM.bat (112 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (40 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\JEwkEMsw.bat (0 bytes)
The process %original file name%.exe:1056 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\vgIwIcEg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\uKggogMM.bat (4 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (40 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\uKggogMM.bat (0 bytes)
The process %original file name%.exe:1536 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\SCggQwMg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XiwkUMYk.bat (112 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (40 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\SCggQwMg.bat (0 bytes)
The process %original file name%.exe:1964 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\VaoUwUgk.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kckkYAIs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\OawQcAoU.bat (4 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (120 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XsoUkIck.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\oiwIgAsM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\locowwYc.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\VaoUwUgk.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\OawQcAoU.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\locowwYc.bat (0 bytes)
The process %original file name%.exe:1960 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\kOgwkcAA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gQoscYIE.bat (4 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (40 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\gQoscYIE.bat (0 bytes)
The process %original file name%.exe:2036 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\kGEAIgkY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\AGUkAsMY.bat (112 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (40 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\kGEAIgkY.bat (0 bytes)
The process %original file name%.exe:1792 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\SAMkogoo.bat (112 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (40 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\NkQUQggU.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\NkQUQggU.bat (0 bytes)
The process %original file name%.exe:644 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\aUAgcAwo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bEkEgIAo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xgUkwMcw.bat (112 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (80 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pSYskgQA.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\bEkEgIAo.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pSYskgQA.bat (0 bytes)
The process %original file name%.exe:1176 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ToUEQEAY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IyYMgwAA.bat (4 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (40 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\IyYMgwAA.bat (0 bytes)
The process %original file name%.exe:1272 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\AUsAkoEA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aKoUMQEI.bat (112 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (80 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CqYkUwAA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\hWIksAcs.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\AUsAkoEA.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CqYkUwAA.bat (0 bytes)
The process %original file name%.exe:616 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\EWgcgIgI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LukgsQAc.bat (4 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (80 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KkosYYkE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FKYoYEUs.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\KkosYYkE.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LukgsQAc.bat (0 bytes)
The process %original file name%.exe:1052 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\GkwwUMYg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\faAQsIAQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\EqcgkIMs.bat (112 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (80 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JyYoYQII.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\faAQsIAQ.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JyYoYQII.bat (0 bytes)
The process %original file name%.exe:1276 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\DuUEkQMY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\jEMMcwwU.bat (4 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (80 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QEYgEgAs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bKsIgccs.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\jEMMcwwU.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QEYgEgAs.bat (0 bytes)
The process %original file name%.exe:1888 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\sqoMkgIE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\uGEgYwcg.bat (112 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (40 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\sqoMkgIE.bat (0 bytes)
The process %original file name%.exe:484 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\kKcgEMQA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\YQEgYowM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gyMwYMgk.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VIgwcYIc.bat (4 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (80 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\gyMwYMgk.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VIgwcYIc.bat (0 bytes)
The process %original file name%.exe:1608 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\wqMUAAMc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ywEAAQgM.bat (4 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (40 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ywEAAQgM.bat (0 bytes)
The process %original file name%.exe:1604 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\leEkwgks.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qUgIkcgM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\sMIsksIs.bat (112 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (160 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nukMYMYg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KcYAMokE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RqkkgQEs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\McYAUMEE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tQIggUkA.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nukMYMYg.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\McYAUMEE.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KcYAMokE.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\leEkwgks.bat (0 bytes)
The process %original file name%.exe:1472 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\lGssYIsg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SOgsQoYQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pMQEwEIs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\iSAYwwQI.bat (112 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (120 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\hqckckAY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UIwMEEsw.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\lGssYIsg.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UIwMEEsw.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SOgsQoYQ.bat (0 bytes)
The process %original file name%.exe:356 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\XKEIMckw.bat (4 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (40 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\leQYMIEY.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\XKEIMckw.bat (0 bytes)
The process %original file name%.exe:2000 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nuEggAsU.bat (112 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (40 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JGkwYQYY.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\JGkwYQYY.bat (0 bytes)
The process %original file name%.exe:260 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ssYYYcMs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VmMwsAwI.bat (4 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (40 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\VmMwsAwI.bat (0 bytes)
The process %original file name%.exe:352 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\uGcwoEQA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rgIUggwE.bat (4 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (40 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\rgIUggwE.bat (0 bytes)
The process %original file name%.exe:2004 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\cykYAckU.bat (112 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (40 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qaooUIIo.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\qaooUIIo.bat (0 bytes)
The process %original file name%.exe:804 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\vqoEgUUY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mSwUAIkc.bat (112 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (40 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\vqoEgUUY.bat (0 bytes)
Registry activity
The process fGAwoYMM.exe:772 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "53 C3 D1 52 55 09 01 CE 73 24 BD 26 2F 66 C0 66"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"fGAwoYMM.exe" = "%Documents and Settings%\%current user%\dUskcAww\fGAwoYMM.exe"
The process reIEcoQI.exe:556 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "20 FF 89 65 87 70 5C 30 17 B5 2A EE 76 1F F7 21"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NesIMIQs.exe" = "%Documents and Settings%\All Users\hcYYccwo\NesIMIQs.exe"
The process %original file name%.exe:216 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "86 C3 6E 5B 3D C2 83 1E B2 DB 73 7C 8D 86 08 C6"
The process %original file name%.exe:1788 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E4 36 C4 EF 39 8F F1 08 2D C6 1C EB A1 7D 02 CB"
The process %original file name%.exe:1140 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E8 5C F6 E0 33 EE 5C 4B D0 86 96 75 59 DD 5A 90"
The process %original file name%.exe:212 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5B AE FE EF 1A 80 31 93 44 FB 3A 7D 16 97 59 11"
The process %original file name%.exe:1264 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "25 6C A2 22 F9 79 D6 97 9B 54 7B BF CB 79 91 9E"
The process %original file name%.exe:132 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "12 2B A4 D6 55 78 75 53 CA 72 8E 63 4E 09 B0 DB"
The process %original file name%.exe:492 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "37 5B 3F 00 C7 4F 3C 84 38 20 FB AC CE 49 1F EC"
The process %original file name%.exe:1948 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "34 11 0C 0B CA 1C 78 0F 3E 1E 95 C2 2B BF CB E0"
The process %original file name%.exe:1776 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "23 B2 67 AE 7E 50 C3 78 C9 79 00 3B 10 FD 9C 45"
The process %original file name%.exe:1836 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B0 5D 9B 87 C8 70 7A 38 8B 36 17 B0 1F 42 FE 79"
The process %original file name%.exe:1220 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AA EE 8F DD 7A D0 56 75 40 65 97 D9 DB EB 69 05"
The process %original file name%.exe:544 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D4 03 BA A3 F3 58 48 9C 43 44 F0 BE 8A E9 45 31"
The process %original file name%.exe:1376 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "63 C6 F0 E7 25 F2 3D E7 23 CC 29 19 83 1D DC E5"
The process %original file name%.exe:280 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9F 9D 9F 66 DA 9B 30 C9 05 B8 FA 22 0A 0E 7D 5E"
The process %original file name%.exe:548 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "67 5D 9D 5E 8D E3 F0 35 DA 18 8C 5C 40 DC D3 25"
The process %original file name%.exe:1916 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "63 F5 37 E0 E3 13 59 0F 77 24 86 C9 5D 02 35 6F"
The process %original file name%.exe:284 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "65 9A 70 4C 71 0D D0 93 3C 4B 21 DB 64 CA 0D 3D"
The process %original file name%.exe:816 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FB 2E 52 DE BE 4D 32 B0 04 66 FA 8A F6 32 62 A6"
The process %original file name%.exe:408 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "07 E7 CF 59 5B DB 87 DF 05 C0 F3 17 C3 AD B7 EC"
The process %original file name%.exe:716 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1F F9 F0 CF 62 3D 14 6D C7 E0 29 DC AA 81 8C 2C"
The process %original file name%.exe:1156 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "89 AC 1D 4B DD AA 25 02 21 24 91 92 49 97 CA 45"
The process %original file name%.exe:1152 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B1 D5 C4 AA 1C CF 17 95 7C D9 1D BF 9E 0D 9B FF"
The process %original file name%.exe:1620 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "40 AC A1 E2 8B 91 FE 68 82 BC A8 66 6C 20 66 64"
The process %original file name%.exe:332 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "47 B8 72 17 10 DD 97 83 D7 CC 3E 2A F5 8B B9 83"
The process %original file name%.exe:1016 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D6 89 5F C1 CB 3C 53 95 C2 AC 68 E2 07 65 63 AF"
The process %original file name%.exe:1064 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5F 28 C4 05 4C 53 44 41 68 AF B4 20 67 E1 A4 BA"
The process %original file name%.exe:928 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E9 5F C7 8F 6A 59 E8 D7 E4 7C 4C 4F 3E 23 5B EA"
The process %original file name%.exe:828 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3F B7 B5 E9 FB 3E AC C6 EA 9D FF A7 65 3A E8 D3"
The process %original file name%.exe:296 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "19 F5 1B 66 69 94 DB 1A 03 20 A8 CF 50 F5 3F 45"
The process %original file name%.exe:824 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AF 26 EF 24 FB 79 DB 80 7E B6 EC 1B 47 77 7C F2"
The process %original file name%.exe:376 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "10 D0 CB 36 A9 DF BC C4 0B 11 DB 56 9D 9C AF 10"
The process %original file name%.exe:1080 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3A 5C FF A5 32 D8 22 73 10 38 5E 62 34 34 95 B0"
The process %original file name%.exe:1480 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1F 85 E9 6A 04 F5 49 B7 F7 18 BC AF 17 5B 49 1F"
The process %original file name%.exe:396 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CB 01 74 0A 89 F2 DD A8 39 E6 87 58 03 2D 4D DA"
The process %original file name%.exe:268 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E2 69 C7 21 18 AF 43 A8 C2 70 17 E1 72 3C D5 ED"
The process %original file name%.exe:1716 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5A FB 9A 22 33 2D 60 C1 49 5E 9E F2 FC 97 78 4C"
The process %original file name%.exe:1520 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C5 7A E8 41 07 49 60 9F 30 C9 B1 5C 5E 7D 2C 78"
The process %original file name%.exe:368 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "80 1D 51 30 7E BB BA 7D F7 09 0F 39 DE 06 CE A5"
The process %original file name%.exe:364 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B4 0C DB 06 41 08 4F 5B 14 10 12 3E 41 A5 B8 B9"
The process %original file name%.exe:916 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EB 19 AC 0D 2E 49 F3 16 18 81 23 00 09 02 2A E8"
The process %original file name%.exe:1392 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "92 7F 25 2D 2E DB 98 2D 2F 9C 02 8C 12 DD 33 47"
The process %original file name%.exe:1236 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "80 18 83 5B 4B 74 B8 08 77 50 12 C4 9B F6 9F 59"
The process %original file name%.exe:1232 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8A C7 14 AE 9A 2D C9 34 9E A4 0B 0E 11 C3 32 07"
The process %original file name%.exe:1336 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "34 52 88 24 92 22 EB 9B 45 42 69 BE E7 B9 DB 32"
The process %original file name%.exe:304 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B6 00 E1 8F AD 31 CB 51 55 24 CE 62 67 A8 B1 68"
The process %original file name%.exe:1252 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AB 75 ED 05 E8 FF 60 A5 FF B9 40 94 6A 2B 2D B2"
The process %original file name%.exe:240 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0B CF 27 C2 94 CE EC 27 D1 70 68 25 AD F2 45 D1"
The process %original file name%.exe:388 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "64 F5 5F 75 65 3F DF F4 B7 DF C4 11 02 2B EA 9F"
The process %original file name%.exe:1436 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E2 AA C6 97 D8 1E 40 D1 F2 EA CE 15 68 CC 7D 34"
The process %original file name%.exe:900 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BD AB B8 5B 38 9E 6E 6E B4 20 FD 6F BA 9A D9 BD"
The process %original file name%.exe:1432 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F6 94 3E C1 62 73 B7 35 54 A1 C6 FE 47 EF 69 A3"
The process %original file name%.exe:1840 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "06 D4 AA AE 61 C0 4F 4A B5 A2 9F 5C BF A8 AA 8C"
The process %original file name%.exe:788 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "44 55 47 6D 7C 83 08 D6 EC D5 19 2E 1E A7 1A 42"
The process %original file name%.exe:1648 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "34 21 5F 8B 90 91 EF DC 2F BB F3 2E 8E CB DF 5B"
The process %original file name%.exe:1240 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4F 30 F4 1D 40 04 A5 E6 83 CF B0 DB AB 94 03 76"
The process %original file name%.exe:1244 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2F DC 4B EE 3F 8E 1F CC E3 BB B5 7A 90 4B 48 29"
The process %original file name%.exe:516 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F3 56 4C 01 AE 82 35 6E 91 50 B3 EF 73 FA 5D 00"
The process %original file name%.exe:620 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "76 92 1F 07 81 DE 4A EB 0B 37 74 BB E3 6F 8F B4"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"fGAwoYMM.exe" = "%Documents and Settings%\%current user%\dUskcAww\fGAwoYMM.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NesIMIQs.exe" = "%Documents and Settings%\All Users\hcYYccwo\NesIMIQs.exe"
The process %original file name%.exe:624 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "04 36 8E 51 E2 CA BC AB 20 42 3E 97 B8 40 10 98"
The process %original file name%.exe:1228 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "00 CC 6D BD 44 82 8F 7A 4F 7F F7 00 23 12 E3 C7"
The process %original file name%.exe:1980 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E3 06 E1 76 A1 76 55 D6 52 F6 A2 C0 39 2C 35 72"
The process %original file name%.exe:1988 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6D 47 4C 89 97 DB 2F 5A C9 C2 DA 24 8C 2E 6A 9E"
The process %original file name%.exe:652 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "35 9C 4C 08 B6 95 B4 F1 DA B7 99 75 BC 10 FD 50"
The process %original file name%.exe:636 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1F 68 BD 00 90 DA 27 AB 7B 7E 0F 7F 9F DC 62 68"
The process %original file name%.exe:1860 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1E 21 1E C2 6A EA CB CB E1 E0 F6 84 EC E5 BD 98"
The process %original file name%.exe:1596 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "60 0F 40 B5 A8 9C 4E 13 7D 8D 6D C1 32 7F 5D D0"
The process %original file name%.exe:1864 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AC 26 AA 81 CD 0D 41 A1 98 88 D8 59 8B A1 C8 46"
The process %original file name%.exe:228 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "64 FB 4F 31 FB 27 12 31 D8 C2 30 54 CA A7 4A 96"
The process %original file name%.exe:1676 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EA 79 A3 96 4A 03 16 65 80 5A 17 D3 7B D7 9B 51"
The process %original file name%.exe:220 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6D CC C8 65 51 02 C3 E6 9E C4 DD ED 2E B6 CB 8A"
The process %original file name%.exe:868 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B7 08 1D A5 91 57 B6 F1 2D 28 E9 AE 84 AC 53 6E"
The process %original file name%.exe:1992 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0B 74 49 A2 B4 AC 17 07 3B 9E 2A B1 03 78 76 F9"
The process %original file name%.exe:1996 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "97 1E 7F FC 0C E6 9C 1C 31 35 4F FF D7 93 16 8D"
The process %original file name%.exe:1028 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8A 5E 50 6D 53 9F 2A 25 A5 47 FD A2 B4 D2 D1 DE"
The process %original file name%.exe:2024 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "72 68 DD 3A 40 60 FE 02 D1 D1 5E A8 3C 19 24 64"
The process %original file name%.exe:1104 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "28 9A FD 17 CC 1B 94 B1 08 3D 25 42 59 76 07 74"
The process %original file name%.exe:1672 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "17 6D E8 D7 37 42 9B F4 A8 E4 7A FA 44 ED 73 0C"
The process %original file name%.exe:1452 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FE 33 14 2B A7 9A 91 F6 B1 70 45 2E 19 AE 07 F3"
The process %original file name%.exe:2012 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4D 08 2A 9A DF 20 8D 99 DA DC 15 5E F0 A5 F7 6C"
The process %original file name%.exe:2028 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E3 CB 3F 19 5E 3F B5 D3 33 F0 DE 3A AF EA F2 6B"
The process %original file name%.exe:728 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0F 32 B0 9E 4B 3C DE AA D1 F2 8F 29 90 38 15 04"
The process %original file name%.exe:1164 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1F 30 36 BE 89 9C A5 9C F1 8E 88 F7 A8 8F B6 73"
The process %original file name%.exe:1160 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "69 6E 8E 21 7A 93 0C 08 2E 4F 77 F9 23 3F 90 17"
The process %original file name%.exe:884 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D0 78 9F 23 13 47 5C 7D 39 C7 AC 93 7A 6F FB 2A"
The process %original file name%.exe:1816 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "42 0A 02 7E CD 6A 89 5A EC 83 75 F0 60 51 EF AA"
The process %original file name%.exe:1056 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "91 FA B9 E2 B5 6D 07 1B 62 40 4E 7E 4C AA 13 75"
The process %original file name%.exe:1536 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "84 4D 46 8B 3C BF 47 B6 E3 87 69 E5 E7 05 8E FC"
The process %original file name%.exe:1964 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "39 B7 6A 69 29 CC 7E 7B F0 44 5F 85 B0 00 54 3D"
The process %original file name%.exe:1960 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "13 06 F8 79 F9 E1 C4 02 81 ED 14 64 57 B9 30 7C"
The process %original file name%.exe:2036 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "88 57 4C 67 51 51 B4 D6 46 DC 0E 0B 9D B0 F3 78"
The process %original file name%.exe:1792 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EC C2 FE D4 59 64 6F 34 5B 63 17 91 51 5B A6 41"
The process %original file name%.exe:644 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "60 77 72 D9 E7 5F 5A F6 49 89 1A 37 3F 6F D6 61"
The process %original file name%.exe:1176 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "31 29 04 20 E8 A9 77 FB 9F 9A 4F 0A 13 7B B8 B1"
The process %original file name%.exe:1272 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "95 9F 2C A4 FA A6 9F 32 26 D4 1F CD 47 2B 58 CD"
The process %original file name%.exe:616 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "79 E0 61 4D 17 AF 3D B3 52 4E FD C4 FB D8 18 82"
The process %original file name%.exe:1052 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A3 E5 89 5A DD 88 A6 08 F9 27 01 5B 96 E3 69 3A"
The process %original file name%.exe:1276 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "94 09 F6 49 AA BF CD 01 28 BD 18 BC 9D 93 C0 D1"
The process %original file name%.exe:1888 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1C A2 FF 05 D9 8F AD 1F 78 49 00 45 18 E1 23 E7"
The process %original file name%.exe:484 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "52 B9 12 D5 94 9D 4E F9 26 EA 23 42 7D 3E A5 C1"
The process %original file name%.exe:1608 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "36 54 73 44 59 F9 DE 25 0B 21 81 5D CF 45 20 C6"
The process %original file name%.exe:1604 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "12 AC 8C DA 75 7A 3F 6C 7F 19 21 5C A3 D7 18 46"
The process %original file name%.exe:1472 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "13 DA B8 67 91 2E C4 7A CA C1 CC 23 DA 71 97 6B"
The process %original file name%.exe:356 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C8 DF FF 52 55 BE 2F CD 9E 78 C1 68 2A 30 0C 98"
The process %original file name%.exe:2000 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D9 03 B9 69 30 05 41 81 C5 79 75 E8 68 8B A4 40"
The process %original file name%.exe:260 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A9 6F 54 61 98 8C 0F 49 0C 27 45 D6 47 2D B1 67"
The process %original file name%.exe:352 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B7 C7 93 A2 FB CC F1 CF DD 5D 3F B6 9D E3 6B 3F"
The process %original file name%.exe:2004 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9B F7 D7 8E FE 92 3B 2B 54 5C 90 54 2F B1 50 FB"
The process %original file name%.exe:804 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "63 39 2A 68 4D 15 D4 5C 25 A9 1B 0A 7B B4 92 53"
The process cscript.exe:1788 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "86 3D 25 4D 8B 9A 97 B6 C6 26 E6 43 FA 9B 58 BF"
The process cscript.exe:216 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "13 F5 8B 87 10 6E 53 95 85 68 9C ED B8 9F 89 C0"
The process cscript.exe:1140 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0D 72 07 16 02 82 54 DC 5B 5E 4F 44 0A 6F 5E 2E"
The process cscript.exe:212 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "03 10 09 C5 B5 E4 55 E2 38 43 07 B4 8E C0 57 E0"
The process cscript.exe:1264 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A9 2D C4 F7 1E B8 5E 43 25 6C F1 5D 3A D7 51 E6"
The process cscript.exe:132 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "58 51 81 39 7D 16 73 58 A6 45 6B F9 72 59 C3 01"
The process cscript.exe:1300 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D5 21 EC AF F6 33 3B B0 EC 92 24 1E 75 40 35 34"
The process cscript.exe:1948 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EB 91 49 E2 AB 48 D5 80 E6 8D 66 C7 49 BD A4 CD"
The process cscript.exe:1776 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "60 42 17 64 F7 27 29 B0 7F F2 1C 27 4D 1E 05 F8"
The process cscript.exe:1836 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F5 AE 22 68 E9 8B 7B 15 40 D0 98 77 3D 64 05 3A"
The process cscript.exe:1076 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E9 AC 05 31 8D 02 A1 82 9E AB 24 B0 1D 41 9B 23"
The process cscript.exe:624 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FC B6 1C 6A 46 9B FC E6 D9 30 79 EA 46 69 0E E6"
The process cscript.exe:1072 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AF 11 22 13 95 3E E3 8E C0 7F D6 F0 35 FB 0F 99"
The process cscript.exe:344 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "38 52 DC 32 A0 54 3C 80 80 17 ED 0C B0 42 91 D7"
The process cscript.exe:544 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B1 DE BF 87 94 13 01 7E CB 08 3A 4A C0 C6 DD 4B"
The process cscript.exe:1376 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F0 E9 67 B8 E5 01 D3 BD F9 92 55 94 65 90 2B 6A"
The process cscript.exe:1520 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0C CA 6A 67 FC 44 B5 A5 51 D5 3E 2A 43 31 16 DB"
The process cscript.exe:1676 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3E A0 F6 B5 BA 91 81 6B 7E 37 0C 6C 7F 6A 54 EC"
The process cscript.exe:220 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "42 B5 7A 5A 53 BF A3 F8 BF DA 3E 0B 6A 6A 17 07"
The process cscript.exe:816 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "81 9B 00 C6 3B CD E0 AF 32 87 F3 B1 A0 38 F5 41"
The process cscript.exe:408 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4B 0B 82 94 AF B2 85 24 AE FD E8 75 E0 DF 61 E6"
The process cscript.exe:1792 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AB 44 55 4C 74 6C DB C7 D2 67 79 60 6A 4A 77 2D"
The process cscript.exe:1156 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2E 37 A1 B1 F2 D5 4A 61 DE 1E B9 E9 83 7D 6D D9"
The process cscript.exe:1796 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B7 B8 73 36 1A 4D 00 B2 C6 8C B3 A3 F7 F4 FB 81"
The process cscript.exe:364 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0A B9 3E 10 D8 D0 DC 3E 68 C7 20 BC 84 98 BA 75"
The process cscript.exe:1824 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "26 04 93 A9 79 A6 75 76 BD 5A 80 55 44 09 48 3A"
The process cscript.exe:1064 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B2 C4 8E E6 93 A3 5A 2D 53 FE C1 7B 4E 21 E8 4F"
The process cscript.exe:928 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9B 9B 6B CA 1A 2E 1D 61 B7 A0 E5 2A 0B 71 BE 0E"
The process cscript.exe:828 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2A 61 EA 5E 37 A8 39 9C 56 DB E6 B8 C8 90 E2 B0"
The process cscript.exe:824 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C6 CD 0C 65 F9 94 8C BE B7 25 AE 5E 63 7C 05 F0"
The process cscript.exe:376 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AB 0B A4 09 1C 22 69 12 E5 1D 4B 97 31 9B E0 DD"
The process cscript.exe:1080 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "21 02 43 2C 44 DD 18 A0 CB 48 5A 8E 0F BF 63 7C"
The process cscript.exe:584 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "76 F1 25 48 68 02 BB 2C 08 2F FA 59 F0 D7 D0 B6"
The process cscript.exe:1920 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "17 4E A2 4F 05 8A 59 D7 D6 A7 8B F7 25 E4 21 3B"
The process cscript.exe:396 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BF 9D 37 52 31 24 1C 29 B0 F7 F8 80 91 6B 8E B8"
The process cscript.exe:1252 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1E D8 6A 17 F5 6E F3 0B 2F E1 B0 17 0E 94 CB 67"
The process cscript.exe:1016 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "73 E8 D4 92 B0 87 8F 81 BF 70 A1 24 BA 59 27 01"
The process cscript.exe:916 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "76 91 F1 1A 9A A9 46 9E B0 5C 62 C1 0C C4 13 18"
The process cscript.exe:1392 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "44 E3 78 24 47 89 A8 A3 03 15 04 D8 D8 B5 B7 C3"
The process cscript.exe:1236 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "62 A9 F6 72 C8 CA FA FF 66 A0 4B CC C9 31 7E A1"
The process cscript.exe:1336 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9F 3D DF 0B FB C5 CE A8 DF 11 24 B3 17 14 19 51"
The process cscript.exe:1136 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "69 93 44 3E 0C 4B D0 5B 23 B3 89 9F 67 9B B6 CB"
The process cscript.exe:240 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7C FD 90 5C DC 3B 15 27 26 6A D9 14 C4 48 0E 3F"
The process cscript.exe:388 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "84 D2 EC 7F B6 D7 A5 18 73 A6 63 C8 71 89 97 71"
The process cscript.exe:1436 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C9 1D 6A DA 4B E7 A6 22 C1 08 3E 0B E7 E6 49 D7"
The process cscript.exe:1432 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "27 00 D4 B1 9F 48 0A 80 A6 18 C2 F1 66 32 C0 25"
The process cscript.exe:1840 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "98 AD A3 4A 1F 1D 90 F5 BC FF 09 02 49 9F 9D 46"
The process cscript.exe:788 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1F D3 39 A1 1B 4C 0B 03 0C A6 1F 51 E3 22 62 E4"
The process cscript.exe:1648 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A5 20 05 20 AF AE B2 7A 24 1A 81 74 50 EC 02 E9"
The process cscript.exe:1536 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "29 17 8F 03 93 B8 24 CA 04 1F 62 02 81 5A 7E 42"
The process cscript.exe:1244 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8F 8E 45 19 70 19 80 C7 C2 96 7C D3 A2 49 0F F8"
The process cscript.exe:432 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "31 C5 FE BD DA 3F 4C D4 56 C7 62 AB BC E9 D4 DB"
The process cscript.exe:516 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B7 99 50 F2 0A 2E 7F 89 07 C9 21 D0 02 34 50 35"
The process cscript.exe:1220 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "73 5B 3D 47 85 27 E1 7B 39 93 75 56 2B F9 CB 70"
The process cscript.exe:252 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A2 8C B1 97 85 51 AD 2C B4 03 93 52 A0 DC 5B 49"
The process cscript.exe:1632 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "59 D6 E3 B6 8F 25 04 8E AD B3 61 7D BD EC BC 32"
The process cscript.exe:1980 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "50 94 28 6D 09 4A 32 5B 19 F5 99 AE 6D E7 B8 5A"
The process cscript.exe:1988 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0B CE 52 46 49 64 D3 F9 0A 05 23 5E A1 16 B2 43"
The process cscript.exe:652 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F2 79 4B 66 56 F7 BD D7 E2 D4 03 F6 EF C8 3D BB"
The process cscript.exe:188 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B1 7F 34 95 95 DA 92 05 76 79 3A 1C 84 9B BB 7A"
The process cscript.exe:1036 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E2 59 BF 33 CD 30 B1 EA 94 BF 9F AF 46 BA 30 C9"
The process cscript.exe:632 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8F 99 22 D7 67 EA 1F E5 20 36 0C D2 A2 9D 58 7F"
The process cscript.exe:636 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "79 EB 62 9B EB FC 73 BD 5D 35 F7 31 A7 6B CD A3"
The process cscript.exe:1860 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E8 2C C3 2F 38 AF 77 49 A1 38 B7 BC 04 68 D5 13"
The process cscript.exe:1596 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0B 9A 8C 37 43 DD 3E F9 72 ED 84 06 16 6D 80 88"
The process cscript.exe:228 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A3 D2 6F 54 0A 5E 16 C0 D3 B5 1A 0A 5A 83 F9 FE"
The process cscript.exe:780 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1C 40 0D 15 90 3A 5F AA CB A3 3E 14 0E C9 9B 05"
The process cscript.exe:1916 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "75 1D 38 C3 0B 81 85 AE 4E DD 90 5F 01 7B 01 70"
The process cscript.exe:1992 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BD 2B 44 62 90 86 71 CF D8 6D EF 75 9F 33 13 08"
The process cscript.exe:1996 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0F 08 35 28 86 F4 61 DD 48 5E A4 DD D5 99 AD C7"
The process cscript.exe:1028 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6A 2C 40 69 3D AF B3 A7 CE 24 22 29 56 BB D0 1E"
The process cscript.exe:1104 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "20 89 EE CA AA BB 79 E0 A4 16 01 88 23 7C 62 2B"
The process cscript.exe:1672 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8D 12 A5 A4 E7 39 91 CB 5B 2C 05 A8 8A 3A 1A 97"
The process cscript.exe:1452 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DA 14 CB 84 7D 86 56 0F 09 AA 2A 37 F6 C2 85 B1"
The process cscript.exe:2012 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B3 75 F6 49 9C A0 0A AD 56 93 D6 53 4E 96 46 F6"
The process cscript.exe:728 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "93 04 23 6F 19 DA EE AD 6C EF 94 F7 2F F2 48 5E"
The process cscript.exe:1512 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "92 67 82 7E 1B 0F 2B 7A BD 69 3B D5 AE 14 98 D4"
The process cscript.exe:1164 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "66 DC 22 07 CC 83 3E F2 9F F3 5E 0A 1A 7C 98 8F"
The process cscript.exe:1160 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "00 2E BF EA 17 11 9D C5 33 13 CA B0 12 55 6B 80"
The process cscript.exe:884 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C4 D0 17 97 55 C1 70 4E 75 B8 36 1C 29 03 DF 1C"
The process cscript.exe:1168 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E5 3F A6 FC 59 CF 0F 2C 7F B8 08 F8 21 2C A9 08"
The process cscript.exe:232 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0A A6 71 47 2F BD 6A B5 91 9D C4 C9 31 52 02 97"
The process cscript.exe:1816 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "13 65 04 35 2E D0 50 62 CA 52 EE 0D 80 35 3F 3C"
The process cscript.exe:1056 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "88 59 24 2C 4A 22 90 0F 01 32 48 EE 33 7A 41 F1"
The process cscript.exe:1240 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "68 D3 59 91 08 2E EA BD 9D 5D 67 6D 9B 2A 94 0A"
The process cscript.exe:1960 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "36 CA BE 20 71 3C 36 B9 08 DF B2 29 80 D3 24 B7"
The process cscript.exe:2032 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1F 06 89 20 F0 3B 9D 37 BB 4D BE 13 D2 36 A7 24"
The process cscript.exe:716 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "99 1A 7E F0 35 86 D7 FD 15 4F 91 5A 9B 67 E5 F5"
The process cscript.exe:1176 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8D BB 5E 68 19 87 C8 1B 51 DE BB 59 44 2C 35 2A"
The process cscript.exe:776 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "18 29 A0 7D 2B 33 83 65 F6 8F 26 85 18 1F EA 6C"
The process cscript.exe:612 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D4 44 09 76 41 99 E0 D9 BA 3C 01 A5 5A AA 9C 1C"
The process cscript.exe:616 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E2 2E 0E 7A 06 F8 64 E6 C6 46 A9 41 D2 51 55 83"
The process cscript.exe:1276 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "03 BF DD 15 88 05 5A 25 17 92 41 BF 05 EC 92 7B"
The process cscript.exe:484 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "66 8E 3D DB 1A 8A E4 2C 7E F5 9A 5B 06 51 49 92"
The process cscript.exe:1976 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "89 8A 39 D7 00 E4 3F FB F6 3E 5E C1 DE 92 F2 B5"
The process cscript.exe:1288 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "98 A0 47 D2 D9 2F 61 67 1F 91 5C 23 C9 4C 46 77"
The process cscript.exe:940 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6F 43 24 9F 0C 52 43 34 02 11 68 2B 17 07 86 3A"
The process cscript.exe:1472 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "94 ED 1F 4B FD 60 87 D4 A6 E3 04 CB 19 77 4F 44"
The process cscript.exe:2000 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8F F0 DA 66 C7 07 90 B9 DF FF F6 65 3A 3C A8 CC"
The process cscript.exe:476 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "91 4A D9 F6 3A BE AE E3 81 F0 DF CE E1 9E 82 0E"
The process cscript.exe:352 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "24 2D EA 29 B9 17 B0 95 92 FE 7F 65 37 31 0D 26"
The process cscript.exe:1368 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5A B4 33 03 A5 21 08 8E 37 79 DA 80 2C 2F A3 6A"
The process cscript.exe:804 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8D EF 4D AB 24 C1 AA FE 7F 96 5B 63 99 37 E8 59"
The process NesIMIQs.exe:560 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "89 C7 27 23 B5 CB AD E9 BD 73 D3 33 F6 31 DF 6A"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NesIMIQs.exe" = "%Documents and Settings%\All Users\hcYYccwo\NesIMIQs.exe"
Dropped PE files
| MD5 | File path |
|---|---|
| bc95b21b43936388430d8385678628a0 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp.exe |
| 9a1bf3d10a7e6447dc4b627a81673847 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp.exe |
| bf0ea0c4b9d8cda7cef7e2a59a140366 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp.exe |
| 9fcb321d26a93666f22bd02b9449dcce | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp.exe |
| f69b6a9e5f6d50e8558fd0bae24fc0be | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp.exe |
| 7026f92363c6237baf45627190e27280 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp.exe |
| b1d0e7a1937b0171076b0b8b5f1bbc94 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp.exe |
| d42d9107c482345abcf466308faa340b | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp.exe |
| 43238034bd04b4942f2fc26fab757909 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp.exe |
| bedd5e8f9ea92eb232bfaa8beaf31ebf | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp.exe |
| 3455512b7df41eea42152eb1b1b68c7a | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp.exe |
| 0e9dec1b63fa07cad18d2b61afa9a9d5 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp.exe |
| 2db1cfc57dd9e451140dc80458cc1920 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp.exe |
| b471f0e2cd699f63e257f33fabf66b25 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp.exe |
| 85dc5ac78eb5f2bcc654019624174ec3 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp.exe |
| 7615d2e2d4819343b4b1b941284673f4 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp.exe |
| b82cca7b5148b0517bde61d1d6533477 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp.exe |
| 8dfee1cba614603260975f48d1b92dbb | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp.exe |
| 10f9757c49b72fee1279c733d6c0bfea | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp.exe |
| fc4e29d800bc28a8c3ae4e8f04545b3c | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp.exe |
| 85b1f1415884f57cb426dcd263997670 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp.exe |
| d7b2786224a32723478bb2a8d36e4b4e | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp.exe |
| c19db9bc0f8efffb720333e59446b7ec | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp.exe |
| 2d014c237cab960c7982eff863e38855 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\adm.bmp.exe |
| bfda5867f29d1fe69eab1403e5278739 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\guest.bmp.exe |
| 4790cb81496462b9611495071b33b3a4 | c:\Documents and Settings\All Users\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.exe |
| 53516ca130ed872d937ab4a14a135c28 | c:\Documents and Settings\All Users\Documents\My Music\Sample Music\New Stories (Highway Blues).wma.exe |
| e11e84f2d6aea33e7c809df962043641 | c:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Blue hills.jpg.exe |
| 37e7910386521d0dd65f53f43eae7583 | c:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Sunset.jpg.exe |
| 222d6ee002be8aef85426e5402fe93ae | c:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Water lilies.jpg.exe |
| cff819647d39ed43786bd6701134d0e3 | c:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Winter.jpg.exe |
| dd07154fb9c8b25602eb5a1f0f0287be | c:\Documents and Settings\All Users\JuwEIgUE\reIEcoQI.exe |
| 0705e9e7ad562e9ef5bf8e2bef96fe94 | c:\Documents and Settings\All Users\hcYYccwo\NesIMIQs.exe |
| c93f25c4f3144dee914af8357e207c25 | c:\Documents and Settings\"%CurrentUserName%"\dUskcAww\fGAwoYMM.exe |
| d2bab8eae66641ab52f3e57383284c39 | c:\Perl\eg\IEExamples\ie_animated.gif.exe |
| 00e211d3e8890047ab3e1444e3d2eabe | c:\Perl\eg\IEExamples\psbwlogo.gif.exe |
| 9f1c50c8dcfbc334b2af9cf2d118fc3a | c:\Perl\eg\aspSamples\ASbanner.gif.exe |
| 4c153473d3c03c3dd065f578fdaee730 | c:\Perl\eg\aspSamples\Main_Banner.gif.exe |
| 38a86ea12b1100298157e181c6ddc260 | c:\Perl\eg\aspSamples\psbwlogo.gif.exe |
| d48eb0abfae3cf9c841ceaeec54b3e92 | c:\Perl\html\images\AS_logo.gif.exe |
| 0f717b83c4177caf184f3f5595773da7 | c:\Perl\html\images\PerlCritic_run.png.exe |
| 0bbc94ffea77084d16d533a72b446cf5 | c:\Perl\html\images\aslogo.gif.exe |
| 0b852f2fc44481fb4daadad2ba636d86 | c:\Perl\html\images\ppm_gui.png.exe |
| 1b73ca7f2db44b64e4784be7ccfe35de | c:\Perl\lib\ActivePerl\PPM\images\gecko.png.exe |
| 393d88277cae26622d156b4e8ac0e66b | c:\Perl\lib\ActivePerl\PPM\images\perl_48x48.png.exe |
| c4ddbb7b8721380ca1952e6e7403c213 | c:\Perl\lib\Devel\NYTProf\js\asc.png.exe |
| bab92d8bbead691b3600afed294b3c0f | c:\Perl\lib\Devel\NYTProf\js\bg.png.exe |
| 9b8c36f67274d18f4a3c5ce9957f5520 | c:\Perl\lib\Devel\NYTProf\js\desc.png.exe |
| 53fc87204134c2bb9f01f3fcdde402f8 | c:\Perl\lib\Devel\NYTProf\js\jit\gradient.png.exe |
| 27bc1f4f1172a1036da0380f31de8d4c | c:\Perl\lib\Devel\NYTProf\js\jit\gradient20.png.exe |
| 42984c82d655e0e080b28d5fe485924d | c:\Perl\lib\Devel\NYTProf\js\jit\gradient30.png.exe |
| 88f7b9e1c396166dd61f97bf768fc358 | c:\Perl\lib\Devel\NYTProf\js\jit\gradient40.png.exe |
| ac9d5f421c518ff183633c56f353c499 | c:\Perl\lib\Devel\NYTProf\js\jit\gradient50.png.exe |
| d612c3aae647066dc6c78d6ddace8a80 | c:\Perl\lib\Mozilla\CA\cacert.pem.exe |
| 02402a8e4d131c2b4abaa402e54f5316 | c:\totalcmd\TCMADMIN.EXE.exe |
| c844ca23e32891e453930bc98bc552fa | c:\totalcmd\TCMDX32.EXE.exe |
| f06c7902155a2efc1441d54909f2c7a1 | c:\totalcmd\TCUNINST.EXE.exe |
| ef194e33550c111d714fb17dafc48897 | c:\totalcmd\TOTALCMD.EXE.exe |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
VersionInfo
No information is available.
PE Sections
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
|---|---|---|---|---|---|
| .text | 4096 | 479232 | 477696 | 5.47764 | a01e1089205c18e1df88782eab7e430e |
| .rdata | 483328 | 4096 | 512 | 2.28528 | f9de40a63d0cfc1f5a69827441cdd23d |
| .data | 487424 | 196 | 512 | 2.22256 | 60cf8d0637313c9c02420b37336e0132 |
| .rsrc | 491520 | 4444 | 4608 | 3.75612 | 4ca2ec323f7a2fd8887aedaf987eb708 |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
URLs
| URL | IP |
|---|---|
| hxxp://google.com/ |  173.194.122.5 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
Web Traffic was not found.
The Trojan connects to the servers at the folowing location(s):
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
%original file name%.exe:216
%original file name%.exe:1788
%original file name%.exe:1140
%original file name%.exe:212
%original file name%.exe:1264
%original file name%.exe:132
%original file name%.exe:492
%original file name%.exe:1948
%original file name%.exe:1776
%original file name%.exe:1836
%original file name%.exe:1220
%original file name%.exe:544
%original file name%.exe:1376
%original file name%.exe:280
%original file name%.exe:548
%original file name%.exe:1916
%original file name%.exe:284
%original file name%.exe:816
%original file name%.exe:408
%original file name%.exe:716
%original file name%.exe:1156
%original file name%.exe:1152
%original file name%.exe:1620
%original file name%.exe:332
%original file name%.exe:1016
%original file name%.exe:1064
%original file name%.exe:928
%original file name%.exe:828
%original file name%.exe:296
%original file name%.exe:824
%original file name%.exe:376
%original file name%.exe:1080
%original file name%.exe:1480
%original file name%.exe:396
%original file name%.exe:268
%original file name%.exe:1716
%original file name%.exe:1520
%original file name%.exe:368
%original file name%.exe:364
%original file name%.exe:916
%original file name%.exe:1392
%original file name%.exe:1236
%original file name%.exe:1232
%original file name%.exe:1336
%original file name%.exe:304
%original file name%.exe:1252
%original file name%.exe:240
%original file name%.exe:388
%original file name%.exe:1436
%original file name%.exe:900
%original file name%.exe:1432
%original file name%.exe:1840
%original file name%.exe:788
%original file name%.exe:1648
%original file name%.exe:1240
%original file name%.exe:1244
%original file name%.exe:516
%original file name%.exe:620
%original file name%.exe:624
%original file name%.exe:1228
%original file name%.exe:1980
%original file name%.exe:1988
%original file name%.exe:652
%original file name%.exe:636
%original file name%.exe:1860
%original file name%.exe:1596
%original file name%.exe:1864
%original file name%.exe:228
%original file name%.exe:1676
%original file name%.exe:220
%original file name%.exe:868
%original file name%.exe:1992
%original file name%.exe:1996
%original file name%.exe:1028
%original file name%.exe:2024
%original file name%.exe:1104
%original file name%.exe:1672
%original file name%.exe:1452
%original file name%.exe:2012
%original file name%.exe:2028
%original file name%.exe:728
%original file name%.exe:1164
%original file name%.exe:1160
%original file name%.exe:884
%original file name%.exe:1816
%original file name%.exe:1056
%original file name%.exe:1536
%original file name%.exe:1964
%original file name%.exe:1960
%original file name%.exe:2036
%original file name%.exe:1792
%original file name%.exe:644
%original file name%.exe:1176
%original file name%.exe:1272
%original file name%.exe:616
%original file name%.exe:1052
%original file name%.exe:1276
%original file name%.exe:1888
%original file name%.exe:484
%original file name%.exe:1608
%original file name%.exe:1604
%original file name%.exe:1472
%original file name%.exe:356
%original file name%.exe:2000
%original file name%.exe:260
%original file name%.exe:352
%original file name%.exe:2004
%original file name%.exe:804
cscript.exe:1788
cscript.exe:216
cscript.exe:1140
cscript.exe:212
cscript.exe:1264
cscript.exe:132
cscript.exe:1300
cscript.exe:1948
cscript.exe:1776
cscript.exe:1836
cscript.exe:1076
cscript.exe:624
cscript.exe:1072
cscript.exe:344
cscript.exe:544
cscript.exe:1376
cscript.exe:1520
cscript.exe:1676
cscript.exe:220
cscript.exe:816
cscript.exe:408
cscript.exe:1792
cscript.exe:1156
cscript.exe:1796
cscript.exe:364
cscript.exe:1824
cscript.exe:1064
cscript.exe:928
cscript.exe:828
cscript.exe:824
cscript.exe:376
cscript.exe:1080
cscript.exe:584
cscript.exe:1920
cscript.exe:396
cscript.exe:1252
cscript.exe:1016
cscript.exe:916
cscript.exe:1392
cscript.exe:1236
cscript.exe:1336
cscript.exe:1136
cscript.exe:240
cscript.exe:388
cscript.exe:1436
cscript.exe:1432
cscript.exe:1840
cscript.exe:788
cscript.exe:1648
cscript.exe:1536
cscript.exe:1244
cscript.exe:432
cscript.exe:516
cscript.exe:1220
cscript.exe:252
cscript.exe:1632
cscript.exe:1980
cscript.exe:1988
cscript.exe:652
cscript.exe:188
cscript.exe:1036
cscript.exe:632
cscript.exe:636
cscript.exe:1860
cscript.exe:1596
cscript.exe:228
cscript.exe:780
cscript.exe:1916
cscript.exe:1992
cscript.exe:1996
cscript.exe:1028
cscript.exe:1104
cscript.exe:1672
cscript.exe:1452
cscript.exe:2012
cscript.exe:728
cscript.exe:1512
cscript.exe:1164
cscript.exe:1160
cscript.exe:884
cscript.exe:1168
cscript.exe:232
cscript.exe:1816
cscript.exe:1056
cscript.exe:1240
cscript.exe:1960
cscript.exe:2032
cscript.exe:716
cscript.exe:1176
cscript.exe:776
cscript.exe:612
cscript.exe:616
cscript.exe:1276
cscript.exe:484
cscript.exe:1976
cscript.exe:1288
cscript.exe:940
cscript.exe:1472
cscript.exe:2000
cscript.exe:476
cscript.exe:352
cscript.exe:1368
cscript.exe:804 - Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\adm.bmp.exe (2321 bytes)
C:\totalcmd\TCUNINST.EXE.exe (3073 bytes)
%Documents and Settings%\All Users\Documents\My Music\Sample Music\New Stories (Highway Blues).wma.exe (7726 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Sunset.jpg.exe (3073 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp.exe (2321 bytes)
C:\totalcmd\TOTALCMD.EXE.exe (30812 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\guest.bmp.exe (2321 bytes)
C:\totalcmd\TCMADMIN.EXE.exe (3073 bytes)
C:\totalcmd\TcUsbRun.exe (3073 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\KAAo.txt (55978 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp.exe (3073 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Blue hills.jpg.exe (3073 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Water lilies.jpg.exe (3361 bytes)
C:\totalcmd\TCMDX32.EXE.exe (3361 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Winter.jpg.exe (3361 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Adobe\Reader 9.3\Setup Files\Setup.exe (5441 bytes)
%Documents and Settings%\All Users\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.exe (7433 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp.exe (2321 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\hoIEkYIc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\wycsYQow.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HYIcAQYI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\oOkEkAww.bat (112 bytes)
C:\2306813bc237cf7655ed3ebc0cc79b40 (160 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\vEIEQYgE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BkEoEMMs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\oiQYwgAE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HQAQcUIc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MeQQwwEo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dKcIgYcY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PYMosgcY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pawkkYMY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RAsQAkoA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qussMUkI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\NyMAQQIQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZwEIsoso.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\OWUUsoco.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QuMokwgs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\jCkAwwEs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RIEYAQcM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XooEMsUM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IqMgsAww.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DcIcIscw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bukgwwsY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BcsQkUEU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rMwEYcUI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\eeYIUQYg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZKYocIws.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\AywAwkoQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fKAkscsI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rmYMUkEA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IkAEUwIE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FQUQQwkY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rkQUAoAs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\eEwsocMc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\goAsAAEw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PSEMMgsA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kikoAUsU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\uWcsQAss.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XUIAEIkY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qiEQcsQY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JMcwUkkY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VukAwUYs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\McYAswoA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GeQsUcEg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\wsQskIYk.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ygUMYowU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xiMQMQUI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gmUQQYAY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\YqYIUIsc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dEkoAQMg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gOUQMUIE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TGEAIYMo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HYgMkgUE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PUMQcUkg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\jOgsAsUQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JIAIYgsc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KkYYUEUk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qqcoosYI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WMYkkwUA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RScYAkAc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pIIsssgg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VoAookMI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GSMMIIwo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UyMUIogo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fmUoYsQE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CqgEgsQg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\oigUcUAM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\oecIMUYI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HMYkMEoU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\hAQAAUMw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xkUkoQoo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FSkwcgww.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IcosAoow.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lyskkcQQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CwckksIE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MSwAgoEQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\cywQEoQE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\neQkkAMo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\YOEcwYYI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dcsEYcsM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ReQIcokI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TcgUEQws.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ukwkcIMQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PyYAUAQQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KCcgoEgQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HcIsoEEg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\EWoAQogI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\OKcoAQoA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\wgUcUIQI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nWEMkQcs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FWAEwIoY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JCwMokEs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xwIYwgEQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BeIkoggo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\AGIoEMYQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\hUQwcwoI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KyQEgcYo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qYYgwgks.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FGUIYcgo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XyEEQwcY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xekAIgkM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qWUQoAwQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\riIYkwUc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XuAwwAII.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\YEEcQcoU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\jeEQsEgw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\vkwAIsYw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pkQYQAsA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GewgAEEg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pIUkMskg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FcoUAEIk.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\luoMoAwo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JYsogQYE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\iSkwcYUQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JGIwMokQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LEsEcMkQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VoQUYcEE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aqIsUoUk.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rioQUUwY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IkwUkosk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\wEwwgcQE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\hugwQQgU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mMsUoEMk.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gesQIQEs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FcIYokYE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\heoUsIIU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\sIsQAkAs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ReQkEkoc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\YkAMowko.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VoEIQooY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KqAkwkQE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MycMUcEs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KMgsQYMc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JcwQEgMI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WQcYwAYQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\iyckwoUY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XeMkEogA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TuEksMss.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\yykMIcQQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DCoUMoMY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\sWYUMUQw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HGMooMQY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lSYUEcEE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\uMIEgscc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VaYEgYAw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LiAYggcA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\hysoMkEU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PiIIsYMA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JMMcIwkQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gmEMEsMM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ciYQIAUo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\yowMIEYk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\uQcsccYk.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\wuQoYMQI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PagowEkw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bOQIUMQk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GiEgIUsY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fOAYoYMo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\iKcYYIYM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xagcMYQk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ogkIwEww.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\hwcwowkE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Rcgkwcso.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xqYgsEIM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RAQwAMkA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\jyMMwYEA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\oqcwQAcM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JuwYIYog.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IIIkcMoY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HWEMIQso.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ueUMwMQw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\yocskgkU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xiwMUwQE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\NMIEccIk.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xSgMgYgc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TsAsAggU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CCwcssgw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\cGsoAMos.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GiwAUIUs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mqssEMMI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\eosYAEUU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FgksMgsw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SmkkUcgA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PIAcMoEw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CmMcgwoM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\NigccAQQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JoIMwgMQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qWwkQAEY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TSsEYkMQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\muwgcQsg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\EOkUsocg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xYcMwgME.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GGgIEEkw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XIEcwkwE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\zoskEgUE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\EUAcEkAw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\AKskwIkM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JcckccAY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FcIEEEQk.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\keQcwQwc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\reYEkcEs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fiIkgAgM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XwYQAAoA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rGQEIAgs.bat (112 bytes)
%Documents and Settings%\All Users\JuwEIgUE\reIEcoQI.exe (3849 bytes)
%Documents and Settings%\%current user%\dUskcAww\fGAwoYMM.exe (3681 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\swcoMkgc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JaoMIIAs.bat (4 bytes)
%Documents and Settings%\All Users\hcYYccwo\NesIMIQs.exe (3729 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\jKgcQkMI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PecAEscg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aeEocYcA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\hGIAUUgA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tkoUsQcs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DkUcwwws.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lCooQoIk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\vsEgMgcc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\buYcAQEQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fkAksQoY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GEEYYooc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ByYwEQYk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\hqQIIwQU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PuAsoIgM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LqcQAQMM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RMAkkUkI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qQQYYEAo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DYQQkwUQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rWQAwMsI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JOkcAMAQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tmIsQwcI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\myokMoYM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pEsgkQkg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\cYMEIUcs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\OkkIEYUw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\geUQMUgo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lWokYEUY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CYggkQQA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\moAoQQgQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DIIkUsEU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\cWsgwIgU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\zYcEwAMo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\yAYMwIUc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DQgcEUgs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VIQUwIYY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\NqYkUUsM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\uoMkIUME.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\hWwYEIkI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\cuIsUIws.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UOMwsQYA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BGIQMoMo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WQUIwgAY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\NkwAwYQE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\wmkooIIE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UsUcgsQo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LcAAsIsk.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MsUQcMgQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CuMkIgcU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\eysoEMUw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ciEYoUws.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WGEMooIs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SkkEMYkc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\AUoAcEss.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CqssYIQU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kEAAsggk.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\roQUEQIk.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UqkoQsss.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\guEMkwAw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\voIIoogY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\veMUcAoA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pgEgEogk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UIEcEcsE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WMIkUUMI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\heccSowR.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PgUYEwAM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\yGgIoAMY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mgsgAcUY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MSEYIYUA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\wMcUkEQE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UckgQUgU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mmYQcIAE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZoIkMUQQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IgsAwooE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dukEQYUE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DkMUUkYk.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\wyskIYkw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MgUEsgEo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\quMsQsAQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\uSMUEgYA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FiQgswIs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MAkoAoAI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\jYIEEocg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PqocAQww.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CukQUEgA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RAsoAMIY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\cEYMEwwA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\jyYowsAw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\NiMUIUEc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gUYskwoE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TckYUckQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CkgkQAoE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FGkEIwYc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CCckQAEM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QWEQcgwE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TasoQwAE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bmscYwAs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\okswAEEU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DmoUwAsY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nWYgIscM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RkUsEEAg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JEwkEMsw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZSMMgAAM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\vgIwIcEg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\uKggogMM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SCggQwMg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XiwkUMYk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VaoUwUgk.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kckkYAIs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\OawQcAoU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XsoUkIck.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\oiwIgAsM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\locowwYc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kOgwkcAA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gQoscYIE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kGEAIgkY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\AGUkAsMY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SAMkogoo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\NkQUQggU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aUAgcAwo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bEkEgIAo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xgUkwMcw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pSYskgQA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ToUEQEAY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IyYMgwAA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\AUsAkoEA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aKoUMQEI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CqYkUwAA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\hWIksAcs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\EWgcgIgI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LukgsQAc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KkosYYkE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FKYoYEUs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GkwwUMYg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\faAQsIAQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\EqcgkIMs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JyYoYQII.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DuUEkQMY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\jEMMcwwU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QEYgEgAs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bKsIgccs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\sqoMkgIE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\uGEgYwcg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kKcgEMQA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\YQEgYowM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gyMwYMgk.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VIgwcYIc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\wqMUAAMc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ywEAAQgM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\leEkwgks.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qUgIkcgM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\sMIsksIs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nukMYMYg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KcYAMokE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RqkkgQEs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\McYAUMEE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tQIggUkA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lGssYIsg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SOgsQoYQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pMQEwEIs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\iSAYwwQI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\hqckckAY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UIwMEEsw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XKEIMckw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\leQYMIEY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nuEggAsU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JGkwYQYY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ssYYYcMs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VmMwsAwI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\uGcwoEQA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rgIUggwE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\cykYAckU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qaooUIIo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\vqoEgUUY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mSwUAIkc.bat (112 bytes) - Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"fGAwoYMM.exe" = "%Documents and Settings%\%current user%\dUskcAww\fGAwoYMM.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NesIMIQs.exe" = "%Documents and Settings%\All Users\hcYYccwo\NesIMIQs.exe" - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
*Manual removal may cause unexpected system behaviour and should be performed at your own risk.
