Gen.Trojan.Heur.TP.rrWbi0PJbi_20f915de56
Gen:Trojan.Heur.TP.rrW@bi@0PJbi (B) (Emsisoft), Gen:Trojan.Heur.TP.rrW@bi@0PJbi (AdAware), ZeroAccess.YR (Lavasoft MAS)
Behaviour: Trojan
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
| Requires JavaScript enabled! |
|---|
MD5: 20f915de567cc1b7315868f7ec1116d0
SHA1: 4cafb50415372d3f0632b6f6acac13c3d3bfb0db
SHA256: 74c8f9cd8645e65568b950f8a3063355317f38097b8a691bc898ede22ae938ba
SSDeep: 24576:ZW5PN1WDe3Utx61UXrlLydffLWJe8xG4DN5LCdUzjjjsb:qaDxVXFytWJe0Dz3Yb
Size: 1341952 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2015-01-06 02:36:08
Analyzed on: WindowsXP SP3 32-bit
Summary:
Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Payload
No specific payload has been found.
Process activity
The Trojan creates the following process(es):
cscript.exe:1788
cscript.exe:216
cscript.exe:1140
cscript.exe:1300
cscript.exe:492
cscript.exe:1836
cscript.exe:1076
cscript.exe:624
cscript.exe:1072
cscript.exe:1944
cscript.exe:544
cscript.exe:1376
cscript.exe:548
cscript.exe:348
cscript.exe:284
cscript.exe:1672
cscript.exe:1792
cscript.exe:1796
cscript.exe:1152
cscript.exe:260
cscript.exe:264
cscript.exe:332
cscript.exe:1016
cscript.exe:1824
cscript.exe:928
cscript.exe:1388
cscript.exe:296
cscript.exe:824
cscript.exe:372
cscript.exe:1236
cscript.exe:1920
cscript.exe:1480
cscript.exe:1304
cscript.exe:1484
cscript.exe:1716
cscript.exe:1620
cscript.exe:1520
cscript.exe:364
cscript.exe:584
cscript.exe:580
cscript.exe:1336
cscript.exe:304
cscript.exe:1632
cscript.exe:1332
cscript.exe:380
cscript.exe:1432
cscript.exe:2040
cscript.exe:1840
cscript.exe:1536
cscript.exe:644
cscript.exe:436
cscript.exe:1224
cscript.exe:1220
cscript.exe:1344
cscript.exe:1228
cscript.exe:172
cscript.exe:1900
cscript.exe:1984
cscript.exe:852
cscript.exe:1988
cscript.exe:652
cscript.exe:1032
cscript.exe:188
cscript.exe:500
cscript.exe:632
cscript.exe:1860
cscript.exe:1596
cscript.exe:228
cscript.exe:780
cscript.exe:224
cscript.exe:812
cscript.exe:220
cscript.exe:1992
cscript.exe:1996
cscript.exe:2024
cscript.exe:2020
cscript.exe:816
cscript.exe:2028
cscript.exe:728
cscript.exe:604
cscript.exe:1168
cscript.exe:552
cscript.exe:232
cscript.exe:1816
cscript.exe:1240
cscript.exe:1964
cscript.exe:1196
cscript.exe:1568
cscript.exe:776
cscript.exe:772
cscript.exe:612
cscript.exe:1272
cscript.exe:1052
cscript.exe:1888
cscript.exe:1608
cscript.exe:1040
cscript.exe:1976
cscript.exe:1604
cscript.exe:940
cscript.exe:356
cscript.exe:476
cscript.exe:2004
cscript.exe:2008
cscript.exe:1368
%original file name%.exe:1304
%original file name%.exe:1788
%original file name%.exe:1300
%original file name%.exe:1264
%original file name%.exe:492
%original file name%.exe:1948
%original file name%.exe:1220
%original file name%.exe:1944
%original file name%.exe:344
%original file name%.exe:340
%original file name%.exe:1468
%original file name%.exe:544
%original file name%.exe:1376
%original file name%.exe:1520
%original file name%.exe:548
%original file name%.exe:1916
%original file name%.exe:348
%original file name%.exe:284
%original file name%.exe:1672
%original file name%.exe:716
%original file name%.exe:1152
%original file name%.exe:264
%original file name%.exe:364
%original file name%.exe:1824
%original file name%.exe:1064
%original file name%.exe:928
%original file name%.exe:216
%original file name%.exe:824
%original file name%.exe:376
%original file name%.exe:1080
%original file name%.exe:1236
%original file name%.exe:1480
%original file name%.exe:1484
%original file name%.exe:1716
%original file name%.exe:1252
%original file name%.exe:1016
%original file name%.exe:584
%original file name%.exe:580
%original file name%.exe:1984
%original file name%.exe:1332
%original file name%.exe:380
%original file name%.exe:1436
%original file name%.exe:900
%original file name%.exe:1432
%original file name%.exe:2040
%original file name%.exe:1648
%original file name%.exe:1536
%original file name%.exe:644
%original file name%.exe:436
%original file name%.exe:432
%original file name%.exe:1224
%original file name%.exe:624
%original file name%.exe:1344
%original file name%.exe:332
%original file name%.exe:252
%original file name%.exe:1900
%original file name%.exe:1632
%original file name%.exe:852
%original file name%.exe:1988
%original file name%.exe:188
%original file name%.exe:1036
%original file name%.exe:500
%original file name%.exe:636
%original file name%.exe:560
%original file name%.exe:1860
%original file name%.exe:228
%original file name%.exe:780
%original file name%.exe:220
%original file name%.exe:1992
%original file name%.exe:1028
%original file name%.exe:1104
%original file name%.exe:2028
%original file name%.exe:1512
%original file name%.exe:604
%original file name%.exe:556
%original file name%.exe:1168
%original file name%.exe:1604
%original file name%.exe:232
%original file name%.exe:1052
%original file name%.exe:280
%original file name%.exe:1056
%original file name%.exe:1240
%original file name%.exe:1964
%original file name%.exe:1196
%original file name%.exe:2036
%original file name%.exe:2032
%original file name%.exe:1792
%original file name%.exe:612
%original file name%.exe:616
%original file name%.exe:1276
%original file name%.exe:1888
%original file name%.exe:792
%original file name%.exe:1608
%original file name%.exe:1040
%original file name%.exe:1288
%original file name%.exe:940
%original file name%.exe:1472
%original file name%.exe:356
%original file name%.exe:476
%original file name%.exe:352
%original file name%.exe:2004
%original file name%.exe:1368
%original file name%.exe:804
The Trojan injects its code into the following process(es):
fGAwoYMM.exe:396
reIEcoQI.exe:1116
NesIMIQs.exe:1108
Mutexes
The following mutexes were created/opened:
No objects were found.
File activity
The process %original file name%.exe:1304 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\oggMUgQo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\jsYkQMog.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\uOgsgIAI.bat (112 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (12666 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dYIYQAQM.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\jsYkQMog.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dYIYQAQM.bat (0 bytes)
The process %original file name%.exe:1788 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\AsYsIAgQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HAIsYIUM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\yksQMkQI.bat (4 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (12666 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\OyoAEoAU.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\yksQMkQI.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\OyoAEoAU.bat (0 bytes)
The process %original file name%.exe:1300 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\LuUsIoAI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fikMsYQE.bat (4 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (6333 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\fikMsYQE.bat (0 bytes)
The process %original file name%.exe:1264 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\uUEgQoQI.bat (4 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (6333 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RYUUkMMw.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\uUEgQoQI.bat (0 bytes)
The process %original file name%.exe:492 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\xCUYQcgw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\facQwwEk.bat (4 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (6333 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\facQwwEk.bat (0 bytes)
The process %original file name%.exe:1948 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\kIckQwEE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fYQggAcI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QcAcQgAg.bat (4 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (12666 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PWAkQsIQ.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\fYQggAcI.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QcAcQgAg.bat (0 bytes)
The process %original file name%.exe:1220 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\DuQEMkAc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ouososgA.bat (112 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (6333 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\DuQEMkAc.bat (0 bytes)
The process %original file name%.exe:1944 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\AeAIUYsk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HWYEIIMU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\sMIgYUUs.bat (4 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (25332 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PmwMgQgc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PiIgYAIA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZYQkcsck.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mCwMokoU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lEoYQkUs.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\sMIgYUUs.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mCwMokoU.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lEoYQkUs.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PiIgYAIA.bat (0 bytes)
The process %original file name%.exe:344 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\KIEQgcoA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IekYIIsg.bat (4 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (6333 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\IekYIIsg.bat (0 bytes)
The process %original file name%.exe:340 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\EccMocYU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\diokIUwI.bat (4 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (6333 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\diokIUwI.bat (0 bytes)
The process %original file name%.exe:1468 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\TCYAYEIQ.bat (4 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (18999 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\iQggMkYI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pyUIAogg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\hSIQcAog.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qmgIQUIw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\uEcgkIQc.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\qmgIQUIw.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TCYAYEIQ.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pyUIAogg.bat (0 bytes)
The process %original file name%.exe:544 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ssoMQUYw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rAIIcMgg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gYowkwIc.bat (4 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (12666 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GQMkQQkQ.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ssoMQUYw.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gYowkwIc.bat (0 bytes)
The process %original file name%.exe:1376 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\miMIYMgE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bmIksgAI.bat (112 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (6333 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\miMIYMgE.bat (0 bytes)
The process %original file name%.exe:1520 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\IWMEYMAw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\suYYswMc.bat (4 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (12666 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\YCwosQsY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XmkAosMA.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\suYYswMc.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XmkAosMA.bat (0 bytes)
The process %original file name%.exe:548 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\smMsIYkw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\AQQEUsMw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IEocgYQA.bat (112 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (31665 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ngUgUYQM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FQYwoAgg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kAsIsMMA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\NywksckM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\uCkUgUAc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\hWokgwwM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KUAgwwYU.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ngUgUYQM.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\smMsIYkw.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FQYwoAgg.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kAsIsMMA.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KUAgwwYU.bat (0 bytes)
The process %original file name%.exe:1916 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\20f915de567cc1b7315868f7ec1116d0 (6333 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\iUkEAUsc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HAYcEgok.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\HAYcEgok.bat (0 bytes)
The process %original file name%.exe:348 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\NcQAAIsU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SAwkcwIs.bat (4 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (12666 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xWMwAIEE.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\NcQAAIsU.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SAwkcwIs.bat (0 bytes)
The process %original file name%.exe:284 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nSkEAwsg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JiQsEUgw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\swkIQsMg.bat (112 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (12666 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\NIoYcwEE.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nSkEAwsg.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\NIoYcwEE.bat (0 bytes)
The process %original file name%.exe:1672 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\neIcYUwk.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HuUoMQQE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DksosUQU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aAMsgYEw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ugEAwowU.bat (112 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (31665 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\omQcQAYo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gyksQUkM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\hAYoUMYQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pAgMwoEo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WCAkMoEc.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\aAMsgYEw.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\neIcYUwk.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HuUoMQQE.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\omQcQAYo.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pAgMwoEo.bat (0 bytes)
The process %original file name%.exe:716 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\All Users\JuwEIgUE\reIEcoQI.exe (3969 bytes)
%Documents and Settings%\%current user%\dUskcAww\fGAwoYMM.exe (3993 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (6333 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lGUUEAAA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CuIMcUkw.bat (4 bytes)
%Documents and Settings%\All Users\hcYYccwo\NesIMIQs.exe (3921 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\CuIMcUkw.bat (0 bytes)
The process %original file name%.exe:1152 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\Wkgkkcoc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LmoYYgow.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bsIEoIME.bat (112 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (12666 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bUwwskwE.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\Wkgkkcoc.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LmoYYgow.bat (0 bytes)
The process %original file name%.exe:264 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\SwscAkcQ.bat (4 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (6333 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\hcEoggMo.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\SwscAkcQ.bat (0 bytes)
The process %original file name%.exe:364 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\hcMooIgc.bat (112 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (6333 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KWsMosgg.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\KWsMosgg.bat (0 bytes)
The process %original file name%.exe:1824 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\aUoEQIEE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GkYQsoAs.bat (112 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (6333 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\aUoEQIEE.bat (0 bytes)
The process %original file name%.exe:1064 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\WmAQkAAE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ASYwkogk.bat (112 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (12666 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QUUcUcoM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pAUwAsgc.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\WmAQkAAE.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QUUcUcoM.bat (0 bytes)
The process %original file name%.exe:928 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\IkUcsUkM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FWsIgUQA.bat (4 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (12666 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CiQkAUoY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FEcIMgIs.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\FWsIgUQA.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FEcIMgIs.bat (0 bytes)
The process %original file name%.exe:216 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\KQQAQsok.bat (112 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (6333 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\iOcwUsYw.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\iOcwUsYw.bat (0 bytes)
The process %original file name%.exe:824 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\20f915de567cc1b7315868f7ec1116d0 (6333 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KugQcwQs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\jSEosYko.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\jSEosYko.bat (0 bytes)
The process %original file name%.exe:376 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\QuQAcsAE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BkEgskYI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SYscAgQM.bat (112 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (12666 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SGoAEgMw.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\QuQAcsAE.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BkEgskYI.bat (0 bytes)
The process %original file name%.exe:1080 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\dYccIccI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pGIYkYEg.bat (4 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (6333 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\pGIYkYEg.bat (0 bytes)
The process %original file name%.exe:1236 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\SYoIcYAI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xAYkYQkY.bat (4 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (12666 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\oIEsIscg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KgUgwQAo.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\SYoIcYAI.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xAYkYQkY.bat (0 bytes)
The process %original file name%.exe:1480 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\FUYQAoow.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\zMcwwAUM.bat (4 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (18999 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rKEYUEQc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\EGMksAwc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GwsogwsI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KOYAIcYQ.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\zMcwwAUM.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GwsogwsI.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KOYAIcYQ.bat (0 bytes)
The process %original file name%.exe:1484 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\KegQgwEQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ywAsQwso.bat (4 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (12666 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GKEAQkIE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\zOUwEEAY.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\KegQgwEQ.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ywAsQwso.bat (0 bytes)
The process %original file name%.exe:1716 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\RgQQMEwE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\hugkkwgY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WQsEIkko.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rGIwAQAE.bat (4 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (12666 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\hugkkwgY.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rGIwAQAE.bat (0 bytes)
The process %original file name%.exe:1252 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\IAgckkcI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QYYkgQgg.bat (112 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (6333 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\IAgckkcI.bat (0 bytes)
The process %original file name%.exe:1016 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\XcYcEsUA.bat (4 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (18999 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZuQUAYcU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MEggYcsI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\uqskkEoc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\iMkIwEAw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\vMMsIwwM.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\XcYcEsUA.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\iMkIwEAw.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZuQUAYcU.bat (0 bytes)
The process %original file name%.exe:584 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\XoEAQgkw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\hykIEYYY.bat (4 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (6333 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\hykIEYYY.bat (0 bytes)
The process %original file name%.exe:580 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\qykEMUoM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\hKAYMcUc.bat (4 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (6333 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\hKAYMcUc.bat (0 bytes)
The process %original file name%.exe:1984 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\JYUIAAMI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RecIQUow.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\NOYoQsIg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SKsYAssE.bat (4 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (12666 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\NOYoQsIg.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SKsYAssE.bat (0 bytes)
The process %original file name%.exe:1332 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\WmcoAoUg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BsYogcUQ.bat (4 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (6333 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\BsYogcUQ.bat (0 bytes)
The process %original file name%.exe:380 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\LWIEAMcg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\YWYEUoIQ.bat (4 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (6333 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\YWYEUoIQ.bat (0 bytes)
The process %original file name%.exe:1436 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\IAkcsEAk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\uoMcEcMk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qsAQYkEE.bat (4 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (18999 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rooQoIAE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MsgIsQkw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\EgUIgogM.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\qsAQYkEE.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MsgIsQkw.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\EgUIgogM.bat (0 bytes)
The process %original file name%.exe:900 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\dYAwIYcc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\vCIwQMIs.bat (112 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (6333 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\dYAwIYcc.bat (0 bytes)
The process %original file name%.exe:1432 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\XMEgUYoU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mGcsoocU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\OQMAgwkc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KCMYIUMI.bat (112 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (18999 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZeEsskMc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rqIAgEIU.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\mGcsoocU.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\OQMAgwkc.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rqIAgEIU.bat (0 bytes)
The process %original file name%.exe:2040 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\AioMcsgE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rWoEsAgM.bat (112 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (6333 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\AioMcsgE.bat (0 bytes)
The process %original file name%.exe:1648 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\JiYYwEAo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\uOAkkEgo.bat (112 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (6333 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\JiYYwEAo.bat (0 bytes)
The process %original file name%.exe:1536 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\YsgUAcwg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ECoMskEI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\cwIAccwE.bat (4 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (12666 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SYkMAcIY.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\cwIAccwE.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\YsgUAcwg.bat (0 bytes)
The process %original file name%.exe:644 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\uWoEMggI.bat (4 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (6333 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JygAAUwU.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\uWoEMggI.bat (0 bytes)
The process %original file name%.exe:436 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\PqcoMwEY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZCQMgQsk.bat (112 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (12666 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\eKowwIYo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\hsIogIMg.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\PqcoMwEY.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\hsIogIMg.bat (0 bytes)
The process %original file name%.exe:432 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\kkkMMIAU.bat (112 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (6333 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Aokwckwc.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\Aokwckwc.bat (0 bytes)
The process %original file name%.exe:1224 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\tiMMYQcI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aakUssUU.bat (112 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (12666 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QyQssAEs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VKwoAgMk.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\tiMMYQcI.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VKwoAgMk.bat (0 bytes)
The process %original file name%.exe:624 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\wgsMIkUY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JIwQcskQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\AkYwUcIQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kaskEsUI.bat (4 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (12666 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\JIwQcskQ.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kaskEsUI.bat (0 bytes)
The process %original file name%.exe:1344 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\NGMsEcgI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\uaMIMsQk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pEUgosUQ.bat (4 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (18999 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QqwcsMAA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qQUAkoIA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\cOYEQcUI.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\qQUAkoIA.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pEUgosUQ.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\cOYEQcUI.bat (0 bytes)
The process %original file name%.exe:332 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\YccAYcoI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\zSIEocYk.bat (4 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (6333 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\zSIEocYk.bat (0 bytes)
The process %original file name%.exe:252 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\FKQQgksA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\iGEsEcEI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rggwoIUo.bat (112 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (12666 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CEIggkEc.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\FKQQgksA.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CEIggkEc.bat (0 bytes)
The process %original file name%.exe:1900 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\zecQsoYY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\viQsIMoU.bat (4 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (6333 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\viQsIMoU.bat (0 bytes)
The process %original file name%.exe:1632 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\OMIcAEko.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\NAYEkgYo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\OcMsIMMo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RYUMAsMs.bat (4 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (18999 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KekIQwMo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rwQMYskk.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\OMIcAEko.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\OcMsIMMo.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RYUMAsMs.bat (0 bytes)
The process %original file name%.exe:852 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\eoIMsMog.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\NUkosUIQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mWsUQswY.bat (4 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (12666 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\jsIsoQUE.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\mWsUQswY.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\NUkosUIQ.bat (0 bytes)
The process %original file name%.exe:1988 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\DeMwkkoA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IOwUwosg.bat (4 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (6333 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\IOwUwosg.bat (0 bytes)
The process %original file name%.exe:188 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\RYEQMcYg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZyQwcAwg.bat (4 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (6333 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ZyQwcAwg.bat (0 bytes)
The process %original file name%.exe:1036 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\JEcIogkg.bat (112 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (6333 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\vucIgMkY.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\vucIgMkY.bat (0 bytes)
The process %original file name%.exe:500 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\oYAUcIEQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\hMYEwcgU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ROcwQAso.bat (112 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (12666 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LsMMYYQc.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\hMYEwcgU.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LsMMYYQc.bat (0 bytes)
The process %original file name%.exe:636 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\GYowYgsU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dAMYAogA.bat (4 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (6333 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\dAMYAogA.bat (0 bytes)
The process %original file name%.exe:560 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\tUEMUEYI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BisUosgg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GekwAkAU.bat (4 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (12666 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FMUkwQAk.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\GekwAkAU.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FMUkwQAk.bat (0 bytes)
The process %original file name%.exe:228 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\oWgcMcoI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ickUcwwc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WQookkEA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lskEEgcg.bat (4 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (12666 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\WQookkEA.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lskEEgcg.bat (0 bytes)
The process %original file name%.exe:780 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nOMAEsgk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\eMAMkocQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CGogIcsM.bat (4 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (12666 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gKwMkYQs.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\CGogIcsM.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gKwMkYQs.bat (0 bytes)
The process %original file name%.exe:220 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\xqkAQUMA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\wGsYwkco.bat (112 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (6333 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\xqkAQUMA.bat (0 bytes)
The process %original file name%.exe:1992 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\UCAQEsEM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BCgEogIw.bat (4 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (18999 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kSkMUQAE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LaoIYAQc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QWIgMMMA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\zGUIoQUU.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\zGUIoQUU.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BCgEogIw.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kSkMUQAE.bat (0 bytes)
The process %original file name%.exe:1028 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\yAMEgkIM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bYUMoEQo.bat (4 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (12666 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\yMEAIgog.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LmosoQgY.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\bYUMoEQo.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\yMEAIgog.bat (0 bytes)
The process %original file name%.exe:1104 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\LEUIgEgc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dGYwwcgw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QgIAoUQI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LYsoEgAY.bat (4 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (12666 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\QgIAoUQI.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LYsoEgAY.bat (0 bytes)
The process %original file name%.exe:2028 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\FmMwoQcw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\iyoYMgwg.bat (112 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (12666 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CQcscsUA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GewwwwAk.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\FmMwoQcw.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CQcscsUA.bat (0 bytes)
The process %original file name%.exe:1512 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\vEwEkwwE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\sWEIgMMI.bat (4 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (6333 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\sWEIgMMI.bat (0 bytes)
The process %original file name%.exe:604 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\AUAAUcIk.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tGwwQYAc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ikEMgEUQ.bat (112 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (18999 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\cUgowQAk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ooMkcooA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bwgwgsko.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\AUAAUcIk.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bwgwgsko.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tGwwQYAc.bat (0 bytes)
The process %original file name%.exe:556 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\SwkQAYwQ.bat (112 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (6333 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SiQgQAQk.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\SiQgQAQk.bat (0 bytes)
The process %original file name%.exe:1168 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\eIIkUssU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\OasYkAEQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XmsUEMsQ.bat (4 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (18999 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\cAMIUIcA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DCMIMMcw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tAMMkYkU.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\DCMIMMcw.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tAMMkYkU.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XmsUEMsQ.bat (0 bytes)
The process %original file name%.exe:1604 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\AkEggwkU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\AmgcYwQE.bat (4 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (6333 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\AmgcYwQE.bat (0 bytes)
The process %original file name%.exe:232 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\LisEwcoc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\owIMQQwU.bat (112 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (12666 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WMcUMwwk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FuooIEEM.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\LisEwcoc.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FuooIEEM.bat (0 bytes)
The process %original file name%.exe:1052 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\wsgkAgYM.bat (112 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (6333 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\EiUowQEk.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\EiUowQEk.bat (0 bytes)
The process %original file name%.exe:280 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ZokgwAUM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xcwcYEME.bat (4 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (6333 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\xcwcYEME.bat (0 bytes)
The process %original file name%.exe:1056 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\yAkkYIsg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UcoUkIEc.bat (4 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (6333 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\UcoUkIEc.bat (0 bytes)
The process %original file name%.exe:1240 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\lAIYEssc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gOwMcAkA.bat (112 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (6333 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\lAIYEssc.bat (0 bytes)
The process %original file name%.exe:1964 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\XSAgUwkk.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZQIoQEoA.bat (112 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (12666 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UosEkUkc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KUQYUwwE.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\XSAgUwkk.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UosEkUkc.bat (0 bytes)
The process %original file name%.exe:1196 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\WwMUIYEE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\zQMQUcMs.bat (4 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (6333 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\zQMQUcMs.bat (0 bytes)
The process %original file name%.exe:2036 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\oWYAwcsw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GqwsIgkQ.bat (112 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (6333 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\oWYAwcsw.bat (0 bytes)
The process %original file name%.exe:2032 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\QiokEMcs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QgYoMsgM.bat (112 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (6333 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\QiokEMcs.bat (0 bytes)
The process %original file name%.exe:1792 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nEUcIwEs.bat (4 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (6333 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PywkoIoM.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nEUcIwEs.bat (0 bytes)
The process %original file name%.exe:612 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\KgQwgoYQ.bat (112 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (6333 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\riUYEYAg.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\riUYEYAg.bat (0 bytes)
The process %original file name%.exe:616 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\xYAIAwoo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lyQIQQUs.bat (4 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (18999 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VSkQcEMw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\iQwUYUYA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IKgUgUYI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pKMUQMEA.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\xYAIAwoo.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\iQwUYUYA.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lyQIQQUs.bat (0 bytes)
The process %original file name%.exe:1276 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\fikMAkkc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MMAIUAYM.bat (4 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (6333 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\MMAIUAYM.bat (0 bytes)
The process %original file name%.exe:1888 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\kaQMUUgw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TgcwcEIo.bat (112 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (12666 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UOAswQUI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lAIgogEo.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\kaQMUUgw.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UOAswQUI.bat (0 bytes)
The process %original file name%.exe:792 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\csMEIYgM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BMkMkoIM.bat (112 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (6333 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\csMEIYgM.bat (0 bytes)
The process %original file name%.exe:1608 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\neQwgsAU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fCIkIwIg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nIYcEogE.bat (112 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (25332 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VEUkEgQg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xMYMMwwQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HmoIcMsc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\poYsAMUk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qSYQsoYQ.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\neQwgsAU.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xMYMMwwQ.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qSYQsoYQ.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VEUkEgQg.bat (0 bytes)
The process %original file name%.exe:1040 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\wEUgEogU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WOwwwAsI.bat (4 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (6333 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\WOwwwAsI.bat (0 bytes)
The process %original file name%.exe:1288 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\WKoksMss.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\piQAgcYY.bat (112 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (6333 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\WKoksMss.bat (0 bytes)
The process %original file name%.exe:940 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\lSYsEEAM.bat (4 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (6333 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\begwAogA.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\lSYsEEAM.bat (0 bytes)
The process %original file name%.exe:1472 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\eAQMIwos.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bCMggAws.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\oSUooIIs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SeswAsEQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gMIIcoYs.bat (112 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (18999 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ocQgIIko.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\SeswAsEQ.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\eAQMIwos.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ocQgIIko.bat (0 bytes)
The process %original file name%.exe:356 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\BMYMggwk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dyQQkYwI.bat (4 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (31665 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\yOIYcoUE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DaEYEMEA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KqUUwIUw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XMEMAwco.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fYgcUQog.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SWQAYkYU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XqEMQMss.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dAYcIQww.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\fYgcUQog.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SWQAYkYU.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dyQQkYwI.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dAYcIQww.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XMEMAwco.bat (0 bytes)
The process %original file name%.exe:476 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\IaQcQAEU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RykwMwYQ.bat (112 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (6333 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\IaQcQAEU.bat (0 bytes)
The process %original file name%.exe:352 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\bWAQooYk.bat (112 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (6333 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lAQAoUwE.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\lAQAoUwE.bat (0 bytes)
The process %original file name%.exe:2004 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\aAMUcwkk.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mOcIAIUw.bat (112 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (6333 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\aAMUcwkk.bat (0 bytes)
The process %original file name%.exe:1368 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\CYUIkQws.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\awYQwksA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MQAcoYAQ.bat (112 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (12666 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\YkkcYUQA.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\CYUIkQws.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\YkkcYUQA.bat (0 bytes)
The process %original file name%.exe:804 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\NIQUIUYA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\cCgwEMUU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IuQgsIoc.bat (4 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (25332 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\cmUIMwIs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BOYEsMwc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WSckcsck.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MEkgIQgw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aekskwkY.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\MEkgIQgw.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IuQgsIoc.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\cCgwEMUU.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\cmUIMwIs.bat (0 bytes)
The process NesIMIQs.exe:1108 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Documents\My Music\Sample Music\New Stories (Highway Blues).wma.exe (7726 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\adm.bmp.exe (2321 bytes)
C:\totalcmd\TCUNINST.EXE.exe (3073 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp.exe (2321 bytes)
C:\totalcmd\TOTALCMD.EXE.exe (30812 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\guest.bmp.exe (2321 bytes)
C:\totalcmd\TCMADMIN.EXE.exe (3073 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\KAAo.txt (55978 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Blue hills.jpg.exe (3073 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Winter.jpg.exe (3361 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Water lilies.jpg.exe (3361 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Sunset.jpg.exe (3073 bytes)
C:\totalcmd\TCMDX32.EXE.exe (3361 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp.exe (2321 bytes)
C:\totalcmd\TcUsbRun.exe (3073 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Adobe\Reader 9.3\Setup Files\Setup.exe (5441 bytes)
%Documents and Settings%\All Users\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.exe (7433 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp.exe (2321 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp (0 bytes)
%Documents and Settings%\All Users\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp (0 bytes)
C:\totalcmd\TCMDX32.EXE (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp (0 bytes)
%Documents and Settings%\All Users\Documents\My Music\Sample Music\New Stories (Highway Blues).wma (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp (0 bytes)
C:\totalcmd\TCUNINST.EXE (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp (0 bytes)
C:\totalcmd\TOTALCMD.EXE (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp (0 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Water lilies.jpg (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp (0 bytes)
C:\totalcmd\TCMADMIN.EXE (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\guest.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\adm.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp (0 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Sunset.jpg (0 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Blue hills.jpg (0 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Winter.jpg (0 bytes)
Registry activity
The process cscript.exe:1788 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2B B5 B3 D8 D7 57 24 B4 00 F8 7E C1 AE 48 FE 7A"
The process cscript.exe:216 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DD B5 4E 71 0B 43 07 43 5A 5B 5C 81 9C DD F2 12"
The process cscript.exe:1140 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AE B1 51 6A D0 42 41 AF 2C 8C 56 0A 6E 1C A8 E0"
The process cscript.exe:1300 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9E B8 74 CA 22 D6 03 26 F6 DC 98 BA 50 02 D0 9B"
The process cscript.exe:492 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0D F5 D6 76 DD 97 80 61 7E BF F4 5E 41 9E B7 BD"
The process cscript.exe:1836 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EA 85 34 2F 50 B8 C7 56 65 5B 30 93 A2 B5 26 D2"
The process cscript.exe:1076 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "36 21 87 14 73 77 65 1A 5D B9 9B 25 1B 0C E7 09"
The process cscript.exe:624 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DC 45 5A 39 F9 2B E5 73 4C E1 44 22 0F DF 96 AC"
The process cscript.exe:1072 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "27 D8 34 0E E1 35 9A 29 72 43 F4 A2 B1 C3 E2 D6"
The process cscript.exe:1944 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EF B8 DA 96 6D FC DF 27 83 9E 15 A0 2E 73 6D CF"
The process cscript.exe:544 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E4 C6 05 3B 48 32 5D 0C 5F F5 FE 97 2B DA 17 53"
The process cscript.exe:1376 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0C F0 8E 53 CC 36 29 87 8D A0 A9 41 E5 82 0A E4"
The process cscript.exe:548 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "07 98 B2 59 44 9A 3F B0 9C 7D 89 0F 14 70 DB DA"
The process cscript.exe:348 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "14 00 46 9E 31 80 74 C0 1E F8 88 F1 9B AA C1 CF"
The process cscript.exe:284 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6A 1D 51 4C A3 24 69 40 D4 7F 27 EC AF 74 20 04"
The process cscript.exe:1672 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "46 BA 1A EE B5 E6 E7 AA 40 29 A4 AF 80 C4 63 FD"
The process cscript.exe:1792 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4D 27 50 CD 76 50 90 7F B0 1D 4F BC B1 8B D0 45"
The process cscript.exe:1796 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "76 53 BD BF DB 31 66 D5 23 53 86 0A 18 89 63 A8"
The process cscript.exe:1152 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "11 0D 98 BD 6C 2F 19 66 51 0E 71 D0 33 E5 B3 FA"
The process cscript.exe:260 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3E 59 9E 08 EC 36 61 3C 4B 0A 7D BE 35 D3 E8 04"
The process cscript.exe:264 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BD D6 07 58 E2 84 49 28 CF 49 C8 94 72 5F 0C 64"
The process cscript.exe:332 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F4 20 5A FF D4 9F AC 89 7E 4D DE F7 01 A9 3A 59"
The process cscript.exe:1016 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AF D9 8D A2 83 AC EB 7D FB 83 A6 11 7A ED 70 62"
The process cscript.exe:1824 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1C 16 7F B5 DC E1 F2 61 A1 A3 AC 5D C0 C7 1D 4C"
The process cscript.exe:928 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6F 43 3A 83 25 5B 10 EE 79 CB A5 8D 07 3A 74 64"
The process cscript.exe:1388 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "76 CF 20 AB 28 BF 26 23 4A 29 56 D5 BB C7 A4 4C"
The process cscript.exe:296 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "41 F2 BD B3 9C 1B 42 93 D7 C1 F1 CD DB 1B E8 D7"
The process cscript.exe:824 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "00 62 74 BA A5 BC 82 B7 0D 3A 86 E8 56 AD 3A E1"
The process cscript.exe:372 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "22 E8 10 78 3E DE 2A 27 43 1D 80 03 EB E4 75 BA"
The process cscript.exe:1236 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "85 DF 83 0C F8 46 68 D4 64 C6 AA 82 3B DA FC 6D"
The process cscript.exe:1920 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "30 E1 DA D2 3A BA FB 39 0C F5 38 5E 17 EB 17 B0"
The process cscript.exe:1480 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "14 1A EB A3 C9 5A 3E C1 B5 48 2F C2 41 15 A2 6F"
The process cscript.exe:1304 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "02 18 17 47 20 7E 55 2D C1 46 9D 4B F6 94 E8 40"
The process cscript.exe:1484 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B0 B7 8E AA AD 6C CF F1 4B 74 61 D4 78 BF 0A 98"
The process cscript.exe:1716 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EC 5A 36 66 17 D5 07 AD 2B 26 AA 9E 93 88 EC 16"
The process cscript.exe:1620 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BE 66 D0 64 77 B7 8A 63 16 D0 DE 2D 20 62 BB 85"
The process cscript.exe:1520 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "66 AF 91 AA D5 14 18 5F BF 83 E8 FA D5 D4 6E 8F"
The process cscript.exe:364 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "43 DA 69 B2 DD 45 0F 0B 4D 4E F7 3F 6E 69 5B BE"
The process cscript.exe:584 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DE D8 C7 C7 C1 2A 09 1F E1 4C 42 31 5D 36 EC E8"
The process cscript.exe:580 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F0 52 CD B6 7D EB C1 AA 4D D9 12 BA 3C A4 CD EE"
The process cscript.exe:1336 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "10 7D B3 2B 55 F3 AB 8A 57 A0 D1 6E 96 68 9D 64"
The process cscript.exe:304 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A7 5A 16 80 94 F9 7E C6 CF 24 3C 11 CA 4A E5 C7"
The process cscript.exe:1632 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B3 1B 96 7A AA 45 E6 6A B3 07 57 02 25 39 3C 8B"
The process cscript.exe:1332 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "32 92 AA 72 1E 6B A9 4E 24 0B BD F0 06 6C DC 3F"
The process cscript.exe:380 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "48 7B A8 44 02 39 1A 56 9E F8 36 EB 9D AA E2 64"
The process cscript.exe:1432 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2D F0 54 AD 12 65 49 25 BE 30 2A 29 17 6D 13 EA"
The process cscript.exe:2040 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6E 9C 20 94 0D BD D6 BC BE C8 58 BF DF 24 0C 0F"
The process cscript.exe:1840 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8D 9A C5 37 0B 07 93 9F E4 AD E7 F5 DF D7 8D EC"
The process cscript.exe:1536 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "55 EE BB AF EA DE 67 8C 3F 11 1F 7E 06 B4 1D 71"
The process cscript.exe:644 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5D C5 19 D4 5C 8D 57 30 77 BD F9 6A FB D9 58 98"
The process cscript.exe:436 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "93 02 71 E0 06 A2 53 C0 97 17 1E B1 4F 26 D0 F5"
The process cscript.exe:1224 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3C 5F F4 27 10 FD B5 87 41 FC 45 D2 98 A2 C2 74"
The process cscript.exe:1220 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2B ED DF D4 86 AB 82 02 7B 8E E8 7D DF 1B 17 D3"
The process cscript.exe:1344 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "ED 96 FC 23 8D 25 91 65 71 1F C0 71 90 EE 60 B7"
The process cscript.exe:1228 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5C 5B 51 41 12 9A 2D 03 61 B6 26 72 2E 08 39 79"
The process cscript.exe:172 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "34 AC 49 CF 8D 7D CA C9 E2 38 31 A5 D2 38 B5 F9"
The process cscript.exe:1900 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FC D6 C4 49 93 29 82 EA D9 B0 05 B1 A7 6B 24 80"
The process cscript.exe:1984 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "25 53 CA DC BE 9D 5B FF 85 2E 82 72 EE 14 C4 24"
The process cscript.exe:852 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C6 E1 02 48 41 7D 77 C3 F1 4F BD 54 47 A4 BE 58"
The process cscript.exe:1988 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "70 A5 47 45 D7 A6 14 90 1A 46 05 00 01 A1 DD 71"
The process cscript.exe:652 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "71 62 01 92 25 C8 F8 46 D2 95 B5 5B FE 49 16 22"
The process cscript.exe:1032 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "30 E5 CC 35 25 BB 21 84 FA 0B DC 16 71 E9 C5 4E"
The process cscript.exe:188 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "94 3F A5 A3 B1 7D 85 66 DC A6 99 C7 00 EF 16 9D"
The process cscript.exe:500 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "59 6D 5A 07 DC 55 B0 33 7B 6D E8 15 7C 32 2D C0"
The process cscript.exe:632 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4D 54 98 29 B5 3E 43 21 DE 67 76 FC E6 A1 D1 39"
The process cscript.exe:1860 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1E 22 96 BE 20 28 03 56 9D 06 79 93 EB D9 2C 06"
The process cscript.exe:1596 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "13 26 B7 6E 32 A7 CC 7D C6 FA 1D F3 0C 17 3D 70"
The process cscript.exe:228 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EB 5A 58 F6 4E F1 AF 84 47 DB E5 1E FD ED 51 FC"
The process cscript.exe:780 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C1 C1 42 6C 98 F4 C2 B0 1B D6 FE 55 1D DA 33 8F"
The process cscript.exe:224 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3F 90 32 FD 73 31 7B BB E5 F1 75 95 04 9C CA F4"
The process cscript.exe:812 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "71 C1 CB A3 7B 5D CC C3 44 81 38 DA 07 89 1F 0B"
The process cscript.exe:220 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C8 29 7C 10 BC DC E4 AB EE 46 5B BA EC 14 D3 A4"
The process cscript.exe:1992 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7D F9 53 28 BE F6 56 12 71 65 7A BD D0 18 6F 14"
The process cscript.exe:1996 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "92 FF 99 60 79 70 6A E1 AA EB 86 7D 0A F1 68 7C"
The process cscript.exe:2024 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5B 03 3F DE 39 F8 37 FB D6 61 1D 79 D0 60 84 CC"
The process cscript.exe:2020 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4F 53 45 BF 43 30 9B A0 E4 A2 34 AE 9D BE A0 27"
The process cscript.exe:816 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E2 25 4A 86 77 F1 32 79 87 B6 96 15 CD 21 D2 8A"
The process cscript.exe:2028 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0F 16 A6 DD BD F1 19 B0 65 F1 86 D2 76 0B 05 88"
The process cscript.exe:728 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "44 B9 0C 54 B4 37 8B 30 DC 65 F3 D3 B3 C9 4D 5C"
The process cscript.exe:604 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B1 AE 11 B0 8F 24 FF D1 6D 02 BE 1F 38 30 E3 6D"
The process cscript.exe:1168 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "04 48 17 8C DB 5F 59 F1 28 B6 35 A9 12 B5 A5 81"
The process cscript.exe:552 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E4 67 1A 3D 6C 4F 55 14 92 9F 00 A7 0B 70 C0 43"
The process cscript.exe:232 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D5 53 75 57 C0 D2 C2 75 21 81 5C 0C 81 C8 E3 76"
The process cscript.exe:1816 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "23 B0 20 C6 A5 ED E6 57 4B D1 1C C6 DE 80 C3 00"
The process cscript.exe:1240 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "03 2D 52 4A B8 A6 DA 23 D1 72 2E 03 83 D6 B8 1C"
The process cscript.exe:1964 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E7 44 C2 8B 9D 70 E7 5A 04 28 38 FA 71 CC 76 0C"
The process cscript.exe:1196 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0D 2F 6E 69 CE 3C 32 99 80 62 C3 FE 64 30 E9 3E"
The process cscript.exe:1568 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FA FC 23 46 A9 EA A6 EE 2D 0B CF 37 F9 8C 04 F8"
The process cscript.exe:776 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "63 E9 E2 ED C5 96 1C D2 E7 B5 E8 16 10 BC B9 BC"
The process cscript.exe:772 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D4 56 9F 98 84 D9 AC C5 CE 61 AE 54 63 03 4D 42"
The process cscript.exe:612 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4E 16 0D 62 70 68 7F D9 8D 59 9E 8D 48 67 E8 91"
The process cscript.exe:1272 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8F B4 66 85 DB 7C BA 18 A2 98 F9 E5 F1 14 C5 77"
The process cscript.exe:1052 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F8 8B 12 EB 75 EA 71 D7 16 D0 D7 16 4A 79 C6 50"
The process cscript.exe:1888 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F5 43 C5 19 BB 52 FF F5 5B 57 3A EE A4 9D 91 BA"
The process cscript.exe:1608 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2F C3 10 F9 8F FB 36 44 57 C4 17 33 2C E8 10 73"
The process cscript.exe:1040 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "11 F7 C0 D8 42 E4 52 BC 64 5C E6 23 C1 37 D1 D4"
The process cscript.exe:1976 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0F 82 D9 FE 2A 08 88 85 65 14 49 19 AD E4 C6 8C"
The process cscript.exe:1604 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D7 35 E5 26 0A 9A B6 C8 E2 38 AE D8 87 39 8B AC"
The process cscript.exe:940 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EA 7F 89 68 F6 50 72 F2 0E 9C 3F 7C D2 DF 45 B9"
The process cscript.exe:356 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DC 6C 20 CE B7 72 9B 07 4F 8E F0 10 E0 11 6B C2"
The process cscript.exe:476 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C7 EF 99 EC 08 FB FE 31 3B 5B F6 E1 E0 55 AE 38"
The process cscript.exe:2004 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E6 0D D2 CC 7C 75 51 E2 16 91 90 90 FE BF EB 33"
The process cscript.exe:2008 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7E 0F 5F B2 19 BD EE 42 FA 97 27 6F 5E 17 A5 41"
The process cscript.exe:1368 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E6 C2 A9 39 22 5B E0 61 EE 39 0C 8B E0 9F AE 31"
The process fGAwoYMM.exe:396 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F2 36 19 A9 BB 33 A9 A1 1D DB 48 B3 4D 1E DE 0C"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"fGAwoYMM.exe" = "%Documents and Settings%\%current user%\dUskcAww\fGAwoYMM.exe"
The process reIEcoQI.exe:1116 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "41 B3 17 9D BD 70 A8 1C CE 04 64 EB 18 10 34 00"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NesIMIQs.exe" = "%Documents and Settings%\All Users\hcYYccwo\NesIMIQs.exe"
The process %original file name%.exe:1304 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "09 7A D0 CC E6 83 CA 7E 29 54 DC 91 81 32 4C 9F"
The process %original file name%.exe:1788 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "53 C5 10 93 F6 99 1C AC 05 72 32 12 C9 47 D2 EF"
The process %original file name%.exe:1300 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "03 13 C5 3E 9A AD 72 B9 DD 4A 2A 45 C4 5C 59 68"
The process %original file name%.exe:1264 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C7 E3 81 0A FB 4C 2E 51 B1 14 C0 5F 58 70 51 20"
The process %original file name%.exe:492 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5F 43 A3 D2 95 7A 89 AC 42 3E F6 7A B4 D2 C6 A1"
The process %original file name%.exe:1948 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DA E2 84 AC 44 89 DD DE 6C B9 1D E3 28 CB 2F AE"
The process %original file name%.exe:1220 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "60 B8 6B B2 8D D1 3A 1F 35 0F 1D CF 6D 59 68 FE"
The process %original file name%.exe:1944 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "07 51 70 AB 86 5E F8 95 2F 0E 4A 65 38 CA AE 81"
The process %original file name%.exe:344 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "62 D9 C3 4B 56 03 79 8D F8 9D 8F 31 9C AE 25 DD"
The process %original file name%.exe:340 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2D 90 4E 8E 97 0E DC 58 8D 1C 9C 69 29 65 25 34"
The process %original file name%.exe:1468 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AB 36 95 DB D8 F1 8B 1D D1 D1 03 8E 3A 4D 90 91"
The process %original file name%.exe:544 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2B 0D 50 AF 3A 9D C4 FD C1 22 61 04 BE 0F AF 00"
The process %original file name%.exe:1376 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F1 FC 29 48 13 CD 82 A5 AF 56 14 BC 17 21 9E 50"
The process %original file name%.exe:1520 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "56 57 A1 2A F1 2E EE 03 E5 D5 96 F9 6E DE 38 11"
The process %original file name%.exe:548 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A2 28 BC 6D E4 03 B4 5A 76 BC 44 E9 99 4A F2 89"
The process %original file name%.exe:1916 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F0 94 6C 9F AB AE E4 FA 3B 98 4A 10 8E BA 80 08"
The process %original file name%.exe:348 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C8 F1 DD B2 32 BE D1 49 C3 11 89 FF E0 A6 1B 37"
The process %original file name%.exe:284 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8F 52 A9 95 29 04 3D B7 59 7B 0E 2D F9 38 61 A8"
The process %original file name%.exe:1672 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9A B2 08 17 4B CB 52 84 76 E6 0C 62 91 F6 FF 79"
The process %original file name%.exe:716 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "64 34 B2 C3 56 DB 65 E5 DC 4D B8 9B 76 FD 0C 88"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"fGAwoYMM.exe" = "%Documents and Settings%\%current user%\dUskcAww\fGAwoYMM.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NesIMIQs.exe" = "%Documents and Settings%\All Users\hcYYccwo\NesIMIQs.exe"
The process %original file name%.exe:1152 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E8 21 B3 F0 3A F5 E0 7E 5B 24 DE 42 0C 3F A2 87"
The process %original file name%.exe:264 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9D E5 EA D6 9A 29 4E 18 89 2F 4D 0B 0F D5 CD F2"
The process %original file name%.exe:364 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "75 5F BF F6 DD C4 59 CD DA E1 35 88 DD 8E 6E 29"
The process %original file name%.exe:1824 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D8 B8 EF BD 55 6F 46 55 E0 8D F5 A6 90 57 2D 75"
The process %original file name%.exe:1064 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2A 61 15 8C E2 60 C9 95 6C 22 87 DE 8B 1F FF A8"
The process %original file name%.exe:928 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0C A4 4B 82 F8 6D 6E 74 E5 CA 03 96 CB F6 B0 A2"
The process %original file name%.exe:216 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "70 64 D2 AC 79 98 9F 65 69 52 2C 61 14 51 E8 1B"
The process %original file name%.exe:824 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F6 2A A2 B7 CB 7D F7 11 E0 0A 29 2D 8B 14 EC 1A"
The process %original file name%.exe:376 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "13 F7 7A A6 A3 8B 7E 5E ED AD C7 B0 82 D4 34 5A"
The process %original file name%.exe:1080 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DD 42 DC FD E7 BC B7 7A 1A 88 89 F9 7A 1D D4 A7"
The process %original file name%.exe:1236 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "85 DB 63 8F 61 80 9B 46 2D 8B 35 D9 A6 13 85 C1"
The process %original file name%.exe:1480 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "40 FA 58 29 69 7B 37 7B 4B D5 A6 01 64 62 88 88"
The process %original file name%.exe:1484 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2C A3 8F 30 05 44 5C 3E 0D BE D0 84 26 17 A5 B2"
The process %original file name%.exe:1716 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "49 1B 73 D1 5B BB 59 35 40 66 4C 6B 43 5B 20 F8"
The process %original file name%.exe:1252 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "22 38 A5 0E 7B E7 32 38 1D F7 9C ED 0C 28 7E A4"
The process %original file name%.exe:1016 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6F E9 D1 CF DF 1F 0B 99 7D A4 4F 1B F5 D1 DE 96"
The process %original file name%.exe:584 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C5 C7 17 07 D5 65 F0 6C DB CE F7 CC 61 7D AD 39"
The process %original file name%.exe:580 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AC B3 23 C2 BE 1D B1 E2 C7 6B A5 7F 9D E9 17 04"
The process %original file name%.exe:1984 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B4 A0 61 B5 7D 7D C7 FB 54 81 6D D1 B1 AD 3D D9"
The process %original file name%.exe:1332 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8F 74 53 ED 35 D6 CD 75 D0 D6 55 9C AA CD 5E 65"
The process %original file name%.exe:380 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "62 FB 13 61 6F FD 5B 5B 31 66 FB 2E D1 BA 20 FC"
The process %original file name%.exe:1436 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "37 2C A0 87 1D 34 98 9C 6A D8 D4 DF 96 5E 4D 8E"
The process %original file name%.exe:900 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C6 BF 17 77 79 D7 D1 AA A5 30 11 E5 7D 1B F3 F9"
The process %original file name%.exe:1432 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A9 C9 30 2A B4 4E 00 2D AB 6D 8C A2 CB 18 85 8A"
The process %original file name%.exe:2040 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4F 6C 30 6E AF 1A FF 90 94 B3 92 73 0A D7 E6 2D"
The process %original file name%.exe:1648 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E2 D7 97 BD 91 89 4E BB 98 23 C4 44 38 E2 A1 A9"
The process %original file name%.exe:1536 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EB C0 8B 62 2B 8C 65 1E 4B 22 19 BA 24 CC 21 E5"
The process %original file name%.exe:644 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "95 E4 C0 CF 86 D9 2D 43 B0 E0 9A 0F E2 86 C9 17"
The process %original file name%.exe:436 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "97 7F 5F B0 F9 27 DC EB 81 0E EA 0C 3D 25 5C 0E"
The process %original file name%.exe:432 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5F 4E 31 C8 CD 9A 6A 76 29 55 EC 33 D3 CA F4 D0"
The process %original file name%.exe:1224 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E7 C2 2E 15 56 1A 23 59 9D 79 13 F4 14 13 F3 F2"
The process %original file name%.exe:624 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "87 64 8A 1A 14 D3 80 C2 75 D0 6B 1C D2 C4 9D 58"
The process %original file name%.exe:1344 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "04 50 5A 75 99 45 C1 BB 39 7F A5 AA 3E 71 3D 20"
The process %original file name%.exe:332 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "59 4D E4 93 E0 53 15 47 96 45 FE 2D 15 B1 EA 99"
The process %original file name%.exe:252 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BA 63 08 ED 3C C5 07 1F BA B4 E1 40 FF AA 5F 12"
The process %original file name%.exe:1900 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "69 F5 8E 04 D0 16 C0 27 00 4F C9 5B EF 72 85 D1"
The process %original file name%.exe:1632 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FC EA C0 50 24 08 9D 03 DD BF 6C 05 73 C6 15 26"
The process %original file name%.exe:852 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FB EC F4 29 E4 18 95 6F 51 3F 1E 85 0E CC 7F 62"
The process %original file name%.exe:1988 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "00 86 7E 0C 33 3C B1 89 A6 73 67 AC D1 6F C8 F0"
The process %original file name%.exe:188 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "31 DE AE 04 8F F5 77 8D 96 00 A7 9A 32 E5 CF EB"
The process %original file name%.exe:1036 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "58 60 8C 68 EC 14 16 62 8A 57 4D 5D 35 CD F1 B1"
The process %original file name%.exe:500 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "25 91 A6 75 8B 50 1D E5 FE 1C 5B 6B 8C F1 67 8F"
The process %original file name%.exe:636 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "09 EA EF EF FB 67 E4 95 05 A9 C4 00 79 AB 2B 7B"
The process %original file name%.exe:560 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "08 B5 BC A9 72 26 19 E6 C7 5B 04 03 49 D3 4F 48"
The process %original file name%.exe:1860 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C2 15 7B B8 EE F2 39 93 58 C2 F1 0C 6D B0 15 EA"
The process %original file name%.exe:228 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FA 3A 0D 02 5F B9 6D 9D 0B 3F B9 30 90 78 30 35"
The process %original file name%.exe:780 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "06 63 85 5A 8F BD CE 30 CB 4A CC DB 7D A0 4D 12"
The process %original file name%.exe:220 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "62 C7 A0 DE 12 29 53 C5 AB 88 B5 A3 08 82 07 A4"
The process %original file name%.exe:1992 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "53 CD A3 A5 70 B0 03 A7 12 B5 72 C7 D6 9B 0B C3"
The process %original file name%.exe:1028 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "ED 1C 54 5D 03 FA E1 CE 94 8E 49 0A 21 3F 5D DB"
The process %original file name%.exe:1104 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "67 AE F5 B3 A6 E6 6B 44 F8 44 C5 9B DF 35 91 43"
The process %original file name%.exe:2028 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E9 E0 84 A6 6B 3A C8 FF AC C3 EE 34 AC 73 BC 31"
The process %original file name%.exe:1512 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A9 1D 49 0E 98 5B 93 2C 4F 26 35 3B 72 80 73 30"
The process %original file name%.exe:604 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "69 3C 45 B0 FF 43 E8 6B A3 6A 51 59 79 21 8C D7"
The process %original file name%.exe:556 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "27 1D 38 12 DE 87 8D F8 11 B0 42 31 F5 6B 63 43"
The process %original file name%.exe:1168 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "93 A0 AF 09 BC 4D 3D EE B8 34 86 89 9F EA 9B D2"
The process %original file name%.exe:1604 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "87 7C 43 1A 29 95 FB 88 28 EE CF 2E 95 D9 46 FF"
The process %original file name%.exe:232 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EF E2 81 03 36 D9 19 08 04 26 A5 30 BF B1 16 11"
The process %original file name%.exe:1052 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "75 D0 93 38 85 E1 50 C2 EE C1 97 D0 9A B7 FC 67"
The process %original file name%.exe:280 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E0 B3 BA 6B 35 D5 19 CE A2 41 6B 5F 1E FE 66 8E"
The process %original file name%.exe:1056 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "10 06 33 73 1D 1B E6 A0 86 21 6B DF 8A A9 C5 08"
The process %original file name%.exe:1240 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "02 25 71 ED F7 51 B7 49 3E 45 0B 44 29 48 2D 27"
The process %original file name%.exe:1964 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1C 71 02 11 98 33 FA A4 ED 65 ED 3A A9 A8 2D 47"
The process %original file name%.exe:1196 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CF 88 9E 8F 03 5E F4 17 19 1F 26 95 C7 7B F2 65"
The process %original file name%.exe:2036 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "43 AE 4C 5E 1A 6D B0 5B 22 CE 2C 93 13 6E C3 C6"
The process %original file name%.exe:2032 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AC 41 B6 98 F3 00 57 EB 51 4A C4 04 00 19 83 85"
The process %original file name%.exe:1792 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AB 7C 23 51 E8 EB 76 62 6E 8F F2 61 51 10 31 EE"
The process %original file name%.exe:612 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0E 1A F8 05 44 0E D9 F1 D4 3D 6A 0D DB 4C 28 99"
The process %original file name%.exe:616 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B5 A7 A6 2D 1D 31 60 DC 47 56 62 0B 33 A2 8E 7C"
The process %original file name%.exe:1276 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E1 62 C7 1D 79 D0 D7 4C F2 D3 1B 64 F5 83 C0 43"
The process %original file name%.exe:1888 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CE F8 EE 4C 50 46 A8 F8 7A 34 2B C2 52 4D 3E D8"
The process %original file name%.exe:792 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "45 09 31 5E 0C 48 45 4B 60 52 55 2C A3 6C 1A DF"
The process %original file name%.exe:1608 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "66 98 AB 3C C6 96 27 DF 1A F9 D7 65 E7 BF A4 4C"
The process %original file name%.exe:1040 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D0 AD 4C C2 B6 8E 90 A9 73 DC E2 3A CE 85 19 AB"
The process %original file name%.exe:1288 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AE 86 94 82 19 AB A8 E1 67 A7 62 D5 75 57 60 52"
The process %original file name%.exe:940 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "39 B9 4F 78 14 45 65 15 17 DD 84 6E 58 C6 16 59"
The process %original file name%.exe:1472 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "66 FE EB 6F 8C B8 09 C2 C5 7F 34 3A 6E A1 BB 01"
The process %original file name%.exe:356 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D0 77 FE 02 61 0B 48 1B 5D 9E 03 66 05 DA 92 97"
The process %original file name%.exe:476 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "54 B2 CA B8 31 78 13 CB CB DE CF B6 B3 39 31 8F"
The process %original file name%.exe:352 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "01 95 6C 94 F9 87 79 4F 8A 95 3B A4 32 75 B8 55"
The process %original file name%.exe:2004 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7E 8E 64 EA A5 77 17 BC A6 2B 9E B0 37 E3 1D 26"
The process %original file name%.exe:1368 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E1 DA 3D 25 6C D7 21 84 41 09 1C 07 70 DE 87 D0"
The process %original file name%.exe:804 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1A D0 2D 1A 43 5B 2C DC F6 5F 71 E3 70 53 E9 FC"
The process NesIMIQs.exe:1108 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "62 AD 4D 9F E5 FB 2F 6A 6D 7E 46 4C B4 FF E7 1E"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NesIMIQs.exe" = "%Documents and Settings%\All Users\hcYYccwo\NesIMIQs.exe"
Dropped PE files
| MD5 | File path |
|---|---|
| debe0c998929f4f2f66706351731a699 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp.exe |
| 15b0980e68c1cf31c51742cab928391c | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp.exe |
| 1a957e534ce33dff94f39044f3100565 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp.exe |
| abe5cbd5afa19a3746c50456c7c0e1b3 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp.exe |
| f854591f80b93b7723fe190706a9b5b9 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp.exe |
| a3870d13e6f6b9d06f5f90a3a2d09da8 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp.exe |
| 37f54402392bf9bf704ecd857248b1d9 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp.exe |
| 3ab7bd10613b755b63d13374af561451 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp.exe |
| 2aeeab2bad8bd9656e144e34ad5b5c66 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp.exe |
| 921b5fe50cb30e855cadaf1e841b8590 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp.exe |
| 6f3e45737bd0cffc19c8cec0d5d29ce6 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp.exe |
| 3709a32741a1128872edfb4462a12f14 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp.exe |
| f7d948a0af225c1a985bf7385c9e181e | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp.exe |
| ee7742486b6fb1f8c56b291ec6a4c9ba | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp.exe |
| cacde388f6035ccd2826568f5e89a560 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp.exe |
| 8dceb6e8f6022edf0419c5ad8c74442c | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp.exe |
| 0954baa511dfbfeede1bedcd515fb5b5 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp.exe |
| 34b6fd97d2ddb2b3297ed7bd1e0c6b33 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp.exe |
| 2f4c5fc5f18d57a1d42d822d798def9c | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp.exe |
| 48328994de97e92bf4707f8990fcf3e0 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp.exe |
| 4fde0d591cd2ac682b6643cbf5c9a7b8 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp.exe |
| 8ff513673a134e36dbd46171682f2665 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp.exe |
| a1249643a873e3e12fcee601e3183914 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp.exe |
| 6375b43922e2dfa0a63e0c9c84f36776 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\adm.bmp.exe |
| bf8996aae771b0f771e69a691b2ebebe | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\guest.bmp.exe |
| abf0e5755ab2ebfed2af90391bd1be0c | c:\Documents and Settings\All Users\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.exe |
| 0ab16c005ef5e856893d541b8b894c6b | c:\Documents and Settings\All Users\Documents\My Music\Sample Music\New Stories (Highway Blues).wma.exe |
| 9d01240cbdd25d0866c9f41837e0a0c4 | c:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Blue hills.jpg.exe |
| ffb0e987fe722e1f7b09f7f7f61d3f37 | c:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Sunset.jpg.exe |
| 606e69058e22106cda3c5e4a30b42ac0 | c:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Water lilies.jpg.exe |
| 4f16703084fb408fb22567e2d7c256b5 | c:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Winter.jpg.exe |
| 8b8c3e72a1eab9e99a68e029492d8efd | c:\Documents and Settings\All Users\JuwEIgUE\reIEcoQI.exe |
| e1c0d3d21f192fbd91b96e94078d5cbc | c:\Documents and Settings\All Users\hcYYccwo\NesIMIQs.exe |
| ce4ac3ef22776074dd972e079810d38d | c:\Documents and Settings\"%CurrentUserName%"\dUskcAww\fGAwoYMM.exe |
| 4e585c912a3f4109aef6c8f43380b102 | c:\Perl\eg\IEExamples\ie_animated.gif.exe |
| 24394ea1377c34ccc1175e510494f92e | c:\Perl\eg\IEExamples\psbwlogo.gif.exe |
| 30433fa25d19d0bdcf93d927201c24aa | c:\Perl\eg\aspSamples\ASbanner.gif.exe |
| dfc449b786e1090b854a22e012a3dda5 | c:\Perl\eg\aspSamples\Main_Banner.gif.exe |
| a63f3f10409d4ced63b450472fd8d9e9 | c:\Perl\eg\aspSamples\psbwlogo.gif.exe |
| f7ed3648b13bc9ab1b8e8ed84fc20abc | c:\Perl\html\images\AS_logo.gif.exe |
| e45485571c094733548438592f1d4fa1 | c:\Perl\html\images\PerlCritic_run.png.exe |
| 72be459babae2fdf70a36a4d2ca2512f | c:\Perl\html\images\aslogo.gif.exe |
| 2215e46d190fea8a56fe3e4dc71384b8 | c:\Perl\html\images\ppm_gui.png.exe |
| 0d01fa05ba2c10a0f91b12ef99118d3a | c:\Perl\lib\ActivePerl\PPM\images\gecko.png.exe |
| 29eebbab274c40f93bf20dcec10c8b6d | c:\Perl\lib\ActivePerl\PPM\images\perl_48x48.png.exe |
| b5dbd55e7f098af288edec61974de7a7 | c:\Perl\lib\Devel\NYTProf\js\asc.png.exe |
| 1c1e1349f23c8b6197ce67534541d89d | c:\Perl\lib\Devel\NYTProf\js\bg.png.exe |
| 42bf546e180aa088949b647e74a42b61 | c:\Perl\lib\Devel\NYTProf\js\desc.png.exe |
| be42129362cd2f9650a67498713d0270 | c:\Perl\lib\Devel\NYTProf\js\jit\gradient.png.exe |
| 74b62a07ea21abc0240e0d8edcb15412 | c:\Perl\lib\Devel\NYTProf\js\jit\gradient20.png.exe |
| 0f0fb3c7392bc3c97e7bf93cf0c9e247 | c:\Perl\lib\Devel\NYTProf\js\jit\gradient30.png.exe |
| 36eb165359048e8400b8a5db6617dddd | c:\Perl\lib\Devel\NYTProf\js\jit\gradient40.png.exe |
| 02b2da1e95d2a97460d9935df1b8b650 | c:\Perl\lib\Devel\NYTProf\js\jit\gradient50.png.exe |
| 89bf266835e950d5f94dc95004d82fd8 | c:\Perl\lib\Mozilla\CA\cacert.pem.exe |
| 7ad0d83b1123aca392495ad67e4fcebe | c:\totalcmd\TCMADMIN.EXE.exe |
| 3d2580f42b874a077ca4a83c290959c0 | c:\totalcmd\TCMDX32.EXE.exe |
| ac921bd4b07536d3b073c003d31b1ddf | c:\totalcmd\TCUNINST.EXE.exe |
| 31be7cb828ae3b22ee6e34f1f638aed4 | c:\totalcmd\TOTALCMD.EXE.exe |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
VersionInfo
No information is available.
PE Sections
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
|---|---|---|---|---|---|
| .text | 4096 | 1335296 | 1334784 | 5.51901 | f75004292cd4bc705d77a98663056309 |
| .rdata | 1339392 | 4096 | 512 | 2.24853 | 7ea21a4faa1edca4b10a6348df23ac50 |
| .data | 1343488 | 361 | 512 | 4.30304 | c041afb72a9a61268797347a32a6dee9 |
| .rsrc | 1347584 | 4444 | 4608 | 3.14935 | e98c6378dd6c303d9a24daf6d9fac47b |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
URLs
| URL | IP |
|---|---|
| hxxp://google.com/ |  173.194.122.5 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
Web Traffic was not found.
The Trojan connects to the servers at the folowing location(s):
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
cscript.exe:1788
cscript.exe:216
cscript.exe:1140
cscript.exe:1300
cscript.exe:492
cscript.exe:1836
cscript.exe:1076
cscript.exe:624
cscript.exe:1072
cscript.exe:1944
cscript.exe:544
cscript.exe:1376
cscript.exe:548
cscript.exe:348
cscript.exe:284
cscript.exe:1672
cscript.exe:1792
cscript.exe:1796
cscript.exe:1152
cscript.exe:260
cscript.exe:264
cscript.exe:332
cscript.exe:1016
cscript.exe:1824
cscript.exe:928
cscript.exe:1388
cscript.exe:296
cscript.exe:824
cscript.exe:372
cscript.exe:1236
cscript.exe:1920
cscript.exe:1480
cscript.exe:1304
cscript.exe:1484
cscript.exe:1716
cscript.exe:1620
cscript.exe:1520
cscript.exe:364
cscript.exe:584
cscript.exe:580
cscript.exe:1336
cscript.exe:304
cscript.exe:1632
cscript.exe:1332
cscript.exe:380
cscript.exe:1432
cscript.exe:2040
cscript.exe:1840
cscript.exe:1536
cscript.exe:644
cscript.exe:436
cscript.exe:1224
cscript.exe:1220
cscript.exe:1344
cscript.exe:1228
cscript.exe:172
cscript.exe:1900
cscript.exe:1984
cscript.exe:852
cscript.exe:1988
cscript.exe:652
cscript.exe:1032
cscript.exe:188
cscript.exe:500
cscript.exe:632
cscript.exe:1860
cscript.exe:1596
cscript.exe:228
cscript.exe:780
cscript.exe:224
cscript.exe:812
cscript.exe:220
cscript.exe:1992
cscript.exe:1996
cscript.exe:2024
cscript.exe:2020
cscript.exe:816
cscript.exe:2028
cscript.exe:728
cscript.exe:604
cscript.exe:1168
cscript.exe:552
cscript.exe:232
cscript.exe:1816
cscript.exe:1240
cscript.exe:1964
cscript.exe:1196
cscript.exe:1568
cscript.exe:776
cscript.exe:772
cscript.exe:612
cscript.exe:1272
cscript.exe:1052
cscript.exe:1888
cscript.exe:1608
cscript.exe:1040
cscript.exe:1976
cscript.exe:1604
cscript.exe:940
cscript.exe:356
cscript.exe:476
cscript.exe:2004
cscript.exe:2008
cscript.exe:1368
%original file name%.exe:1304
%original file name%.exe:1788
%original file name%.exe:1300
%original file name%.exe:1264
%original file name%.exe:492
%original file name%.exe:1948
%original file name%.exe:1220
%original file name%.exe:1944
%original file name%.exe:344
%original file name%.exe:340
%original file name%.exe:1468
%original file name%.exe:544
%original file name%.exe:1376
%original file name%.exe:1520
%original file name%.exe:548
%original file name%.exe:1916
%original file name%.exe:348
%original file name%.exe:284
%original file name%.exe:1672
%original file name%.exe:716
%original file name%.exe:1152
%original file name%.exe:264
%original file name%.exe:364
%original file name%.exe:1824
%original file name%.exe:1064
%original file name%.exe:928
%original file name%.exe:216
%original file name%.exe:824
%original file name%.exe:376
%original file name%.exe:1080
%original file name%.exe:1236
%original file name%.exe:1480
%original file name%.exe:1484
%original file name%.exe:1716
%original file name%.exe:1252
%original file name%.exe:1016
%original file name%.exe:584
%original file name%.exe:580
%original file name%.exe:1984
%original file name%.exe:1332
%original file name%.exe:380
%original file name%.exe:1436
%original file name%.exe:900
%original file name%.exe:1432
%original file name%.exe:2040
%original file name%.exe:1648
%original file name%.exe:1536
%original file name%.exe:644
%original file name%.exe:436
%original file name%.exe:432
%original file name%.exe:1224
%original file name%.exe:624
%original file name%.exe:1344
%original file name%.exe:332
%original file name%.exe:252
%original file name%.exe:1900
%original file name%.exe:1632
%original file name%.exe:852
%original file name%.exe:1988
%original file name%.exe:188
%original file name%.exe:1036
%original file name%.exe:500
%original file name%.exe:636
%original file name%.exe:560
%original file name%.exe:1860
%original file name%.exe:228
%original file name%.exe:780
%original file name%.exe:220
%original file name%.exe:1992
%original file name%.exe:1028
%original file name%.exe:1104
%original file name%.exe:2028
%original file name%.exe:1512
%original file name%.exe:604
%original file name%.exe:556
%original file name%.exe:1168
%original file name%.exe:1604
%original file name%.exe:232
%original file name%.exe:1052
%original file name%.exe:280
%original file name%.exe:1056
%original file name%.exe:1240
%original file name%.exe:1964
%original file name%.exe:1196
%original file name%.exe:2036
%original file name%.exe:2032
%original file name%.exe:1792
%original file name%.exe:612
%original file name%.exe:616
%original file name%.exe:1276
%original file name%.exe:1888
%original file name%.exe:792
%original file name%.exe:1608
%original file name%.exe:1040
%original file name%.exe:1288
%original file name%.exe:940
%original file name%.exe:1472
%original file name%.exe:356
%original file name%.exe:476
%original file name%.exe:352
%original file name%.exe:2004
%original file name%.exe:1368
%original file name%.exe:804 - Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
%Documents and Settings%\%current user%\Local Settings\Temp\oggMUgQo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\jsYkQMog.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\uOgsgIAI.bat (112 bytes)
C:\20f915de567cc1b7315868f7ec1116d0 (12666 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dYIYQAQM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\AsYsIAgQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HAIsYIUM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\yksQMkQI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\OyoAEoAU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LuUsIoAI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fikMsYQE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\uUEgQoQI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RYUUkMMw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xCUYQcgw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\facQwwEk.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kIckQwEE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fYQggAcI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QcAcQgAg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PWAkQsIQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DuQEMkAc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ouososgA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\AeAIUYsk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HWYEIIMU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\sMIgYUUs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PmwMgQgc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PiIgYAIA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZYQkcsck.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mCwMokoU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lEoYQkUs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KIEQgcoA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IekYIIsg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\EccMocYU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\diokIUwI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TCYAYEIQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\iQggMkYI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pyUIAogg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\hSIQcAog.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qmgIQUIw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\uEcgkIQc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ssoMQUYw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rAIIcMgg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gYowkwIc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GQMkQQkQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\miMIYMgE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bmIksgAI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IWMEYMAw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\suYYswMc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\YCwosQsY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XmkAosMA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\smMsIYkw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\AQQEUsMw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IEocgYQA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ngUgUYQM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FQYwoAgg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kAsIsMMA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\NywksckM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\uCkUgUAc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\hWokgwwM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KUAgwwYU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\iUkEAUsc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HAYcEgok.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\NcQAAIsU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SAwkcwIs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xWMwAIEE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nSkEAwsg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JiQsEUgw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\swkIQsMg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\NIoYcwEE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\neIcYUwk.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HuUoMQQE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DksosUQU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aAMsgYEw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ugEAwowU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\omQcQAYo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gyksQUkM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\hAYoUMYQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pAgMwoEo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WCAkMoEc.bat (112 bytes)
%Documents and Settings%\All Users\JuwEIgUE\reIEcoQI.exe (3969 bytes)
%Documents and Settings%\%current user%\dUskcAww\fGAwoYMM.exe (3993 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lGUUEAAA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CuIMcUkw.bat (4 bytes)
%Documents and Settings%\All Users\hcYYccwo\NesIMIQs.exe (3921 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Wkgkkcoc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LmoYYgow.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bsIEoIME.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bUwwskwE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SwscAkcQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\hcEoggMo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\hcMooIgc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KWsMosgg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aUoEQIEE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GkYQsoAs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WmAQkAAE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ASYwkogk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QUUcUcoM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pAUwAsgc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IkUcsUkM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FWsIgUQA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CiQkAUoY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FEcIMgIs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KQQAQsok.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\iOcwUsYw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KugQcwQs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\jSEosYko.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QuQAcsAE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BkEgskYI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SYscAgQM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SGoAEgMw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dYccIccI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pGIYkYEg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SYoIcYAI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xAYkYQkY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\oIEsIscg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KgUgwQAo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FUYQAoow.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\zMcwwAUM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rKEYUEQc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\EGMksAwc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GwsogwsI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KOYAIcYQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KegQgwEQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ywAsQwso.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GKEAQkIE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\zOUwEEAY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RgQQMEwE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\hugkkwgY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WQsEIkko.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rGIwAQAE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IAgckkcI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QYYkgQgg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XcYcEsUA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZuQUAYcU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MEggYcsI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\uqskkEoc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\iMkIwEAw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\vMMsIwwM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XoEAQgkw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\hykIEYYY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qykEMUoM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\hKAYMcUc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JYUIAAMI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RecIQUow.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\NOYoQsIg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SKsYAssE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WmcoAoUg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BsYogcUQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LWIEAMcg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\YWYEUoIQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IAkcsEAk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\uoMcEcMk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qsAQYkEE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rooQoIAE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MsgIsQkw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\EgUIgogM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dYAwIYcc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\vCIwQMIs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XMEgUYoU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mGcsoocU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\OQMAgwkc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KCMYIUMI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZeEsskMc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rqIAgEIU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\AioMcsgE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rWoEsAgM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JiYYwEAo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\uOAkkEgo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\YsgUAcwg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ECoMskEI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\cwIAccwE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SYkMAcIY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\uWoEMggI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JygAAUwU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PqcoMwEY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZCQMgQsk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\eKowwIYo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\hsIogIMg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kkkMMIAU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Aokwckwc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tiMMYQcI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aakUssUU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QyQssAEs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VKwoAgMk.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\wgsMIkUY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JIwQcskQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\AkYwUcIQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kaskEsUI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\NGMsEcgI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\uaMIMsQk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pEUgosUQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QqwcsMAA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qQUAkoIA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\cOYEQcUI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\YccAYcoI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\zSIEocYk.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FKQQgksA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\iGEsEcEI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rggwoIUo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CEIggkEc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\zecQsoYY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\viQsIMoU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\OMIcAEko.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\NAYEkgYo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\OcMsIMMo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RYUMAsMs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KekIQwMo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rwQMYskk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\eoIMsMog.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\NUkosUIQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mWsUQswY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\jsIsoQUE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DeMwkkoA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IOwUwosg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RYEQMcYg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZyQwcAwg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JEcIogkg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\vucIgMkY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\oYAUcIEQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\hMYEwcgU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ROcwQAso.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LsMMYYQc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GYowYgsU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dAMYAogA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tUEMUEYI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BisUosgg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GekwAkAU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FMUkwQAk.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\oWgcMcoI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ickUcwwc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WQookkEA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lskEEgcg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nOMAEsgk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\eMAMkocQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CGogIcsM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gKwMkYQs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xqkAQUMA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\wGsYwkco.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UCAQEsEM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BCgEogIw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kSkMUQAE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LaoIYAQc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QWIgMMMA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\zGUIoQUU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\yAMEgkIM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bYUMoEQo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\yMEAIgog.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LmosoQgY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LEUIgEgc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dGYwwcgw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QgIAoUQI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LYsoEgAY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FmMwoQcw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\iyoYMgwg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CQcscsUA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GewwwwAk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\vEwEkwwE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\sWEIgMMI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\AUAAUcIk.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tGwwQYAc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ikEMgEUQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\cUgowQAk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ooMkcooA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bwgwgsko.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SwkQAYwQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SiQgQAQk.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\eIIkUssU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\OasYkAEQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XmsUEMsQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\cAMIUIcA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DCMIMMcw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tAMMkYkU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\AkEggwkU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\AmgcYwQE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LisEwcoc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\owIMQQwU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WMcUMwwk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FuooIEEM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\wsgkAgYM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\EiUowQEk.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZokgwAUM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xcwcYEME.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\yAkkYIsg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UcoUkIEc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lAIYEssc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gOwMcAkA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XSAgUwkk.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZQIoQEoA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UosEkUkc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KUQYUwwE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WwMUIYEE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\zQMQUcMs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\oWYAwcsw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GqwsIgkQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QiokEMcs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QgYoMsgM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nEUcIwEs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PywkoIoM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KgQwgoYQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\riUYEYAg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xYAIAwoo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lyQIQQUs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VSkQcEMw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\iQwUYUYA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IKgUgUYI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pKMUQMEA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fikMAkkc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MMAIUAYM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kaQMUUgw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TgcwcEIo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UOAswQUI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lAIgogEo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\csMEIYgM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BMkMkoIM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\neQwgsAU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fCIkIwIg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nIYcEogE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VEUkEgQg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xMYMMwwQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HmoIcMsc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\poYsAMUk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qSYQsoYQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\wEUgEogU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WOwwwAsI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WKoksMss.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\piQAgcYY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lSYsEEAM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\begwAogA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\eAQMIwos.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bCMggAws.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\oSUooIIs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SeswAsEQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gMIIcoYs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ocQgIIko.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BMYMggwk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dyQQkYwI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\yOIYcoUE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DaEYEMEA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KqUUwIUw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XMEMAwco.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fYgcUQog.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SWQAYkYU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XqEMQMss.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dAYcIQww.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IaQcQAEU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RykwMwYQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bWAQooYk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lAQAoUwE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aAMUcwkk.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mOcIAIUw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CYUIkQws.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\awYQwksA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MQAcoYAQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\YkkcYUQA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\NIQUIUYA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\cCgwEMUU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IuQgsIoc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\cmUIMwIs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BOYEsMwc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WSckcsck.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MEkgIQgw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aekskwkY.bat (112 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Documents\My Music\Sample Music\New Stories (Highway Blues).wma.exe (7726 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\adm.bmp.exe (2321 bytes)
C:\totalcmd\TCUNINST.EXE.exe (3073 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp.exe (2321 bytes)
C:\totalcmd\TOTALCMD.EXE.exe (30812 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\guest.bmp.exe (2321 bytes)
C:\totalcmd\TCMADMIN.EXE.exe (3073 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\KAAo.txt (55978 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Blue hills.jpg.exe (3073 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Winter.jpg.exe (3361 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Water lilies.jpg.exe (3361 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Sunset.jpg.exe (3073 bytes)
C:\totalcmd\TCMDX32.EXE.exe (3361 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp.exe (2321 bytes)
C:\totalcmd\TcUsbRun.exe (3073 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Adobe\Reader 9.3\Setup Files\Setup.exe (5441 bytes)
%Documents and Settings%\All Users\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.exe (7433 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp.exe (2321 bytes) - Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"fGAwoYMM.exe" = "%Documents and Settings%\%current user%\dUskcAww\fGAwoYMM.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NesIMIQs.exe" = "%Documents and Settings%\All Users\hcYYccwo\NesIMIQs.exe" - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
*Manual removal may cause unexpected system behaviour and should be performed at your own risk.
