Gen.Variant.Kazy.530639_d2a6767840
Gen:Variant.Kazy.530639 (BitDefender), Trojan.Win32.Generic!BT (VIPRE), Win32.VirLock.6 (DrWeb), Gen:Variant.Kazy.530639 (B) (Emsisoft), Generic Obfuscated.g (McAfee), Gen:Variant.Kazy.530639 (FSecure), Gen:Variant.Kazy.530639 (AdAware), ZeroAccess.YR (Lavasoft MAS)
Behaviour: Trojan
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
| Requires JavaScript enabled! |
|---|
MD5: d2a676784026c3ad5030b692fe5cca1d
SHA1: 4af995acc26d3a3446754d6e2c710d44ea991e88
SHA256: 40c5082e8afee396f0bb2688b0a7b2c73da19de99b299d991d7f206916bc6e7c
SSDeep: 24576:eJ96P02xZun tedCiB0i70TlhCcGd alw:eJE087imi7AlwcGskw
Size: 924672 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2015-01-06 02:36:08
Analyzed on: WindowsXP SP3 32-bit
Summary:
Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Payload
No specific payload has been found.
Process activity
The Trojan creates the following process(es):
cscript.exe:2712
cscript.exe:2964
cscript.exe:3576
cscript.exe:212
cscript.exe:3712
cscript.exe:2844
cscript.exe:1308
cscript.exe:2096
cscript.exe:2092
cscript.exe:3652
cscript.exe:2524
cscript.exe:3172
cscript.exe:3856
cscript.exe:2404
cscript.exe:3852
cscript.exe:2400
cscript.exe:1676
cscript.exe:2464
cscript.exe:1316
cscript.exe:3884
cscript.exe:1920
cscript.exe:3936
cscript.exe:1796
cscript.exe:3332
cscript.exe:1496
cscript.exe:264
cscript.exe:3408
cscript.exe:3756
cscript.exe:3248
cscript.exe:2556
cscript.exe:2492
cscript.exe:3032
cscript.exe:3244
cscript.exe:2416
cscript.exe:2060
cscript.exe:2256
cscript.exe:2148
cscript.exe:3772
cscript.exe:3776
cscript.exe:1324
cscript.exe:3628
cscript.exe:2908
cscript.exe:3828
cscript.exe:332
cscript.exe:3272
cscript.exe:2824
cscript.exe:3676
cscript.exe:4044
cscript.exe:1712
cscript.exe:2780
cscript.exe:2544
cscript.exe:2300
cscript.exe:2980
cscript.exe:2304
cscript.exe:2268
cscript.exe:2388
cscript.exe:364
cscript.exe:2076
cscript.exe:2288
cscript.exe:3664
cscript.exe:2444
cscript.exe:3952
cscript.exe:2932
cscript.exe:3956
cscript.exe:3152
cscript.exe:3456
cscript.exe:3312
cscript.exe:2832
cscript.exe:3316
cscript.exe:2452
cscript.exe:4056
cscript.exe:2044
cscript.exe:3464
cscript.exe:3212
cscript.exe:3396
cscript.exe:3012
cscript.exe:3504
cscript.exe:1240
cscript.exe:2168
cscript.exe:3512
cscript.exe:432
cscript.exe:2616
cscript.exe:3612
cscript.exe:2612
cscript.exe:624
cscript.exe:3804
cscript.exe:2296
cscript.exe:1228
cscript.exe:3004
cscript.exe:2808
cscript.exe:3268
cscript.exe:252
cscript.exe:4084
cscript.exe:172
cscript.exe:1632
cscript.exe:2204
cscript.exe:1980
cscript.exe:2056
cscript.exe:2560
cscript.exe:2564
cscript.exe:3088
cscript.exe:2368
cscript.exe:2112
cscript.exe:3080
cscript.exe:2360
cscript.exe:2428
cscript.exe:3860
cscript.exe:2152
cscript.exe:636
cscript.exe:564
cscript.exe:2180
cscript.exe:2184
cscript.exe:3724
cscript.exe:3284
cscript.exe:160
cscript.exe:3280
cscript.exe:2212
cscript.exe:3448
cscript.exe:3376
cscript.exe:3964
cscript.exe:2752
cscript.exe:2352
cscript.exe:2100
cscript.exe:2692
cscript.exe:3968
cscript.exe:2104
cscript.exe:2864
cscript.exe:2732
cscript.exe:2868
cscript.exe:2572
cscript.exe:2636
cscript.exe:3632
cscript.exe:1288
cscript.exe:3148
cscript.exe:2816
cscript.exe:2948
cscript.exe:2940
cscript.exe:2136
cscript.exe:3108
cscript.exe:876
cscript.exe:2224
cscript.exe:2740
cscript.exe:1752
cscript.exe:644
cscript.exe:4092
cscript.exe:2872
cscript.exe:2724
cscript.exe:3912
cscript.exe:3708
cscript.exe:3544
cscript.exe:2332
cscript.exe:3540
cscript.exe:1280
cscript.exe:2232
cscript.exe:3220
cscript.exe:3104
cscript.exe:2000
cscript.exe:476
cscript.exe:2532
%original file name%.exe:2964
%original file name%.exe:3712
%original file name%.exe:2652
%original file name%.exe:2844
%original file name%.exe:1260
%original file name%.exe:2280
%original file name%.exe:2968
%original file name%.exe:2840
%original file name%.exe:3320
%original file name%.exe:4024
%original file name%.exe:2096
%original file name%.exe:4020
%original file name%.exe:2092
%original file name%.exe:3656
%original file name%.exe:3044
%original file name%.exe:3652
%original file name%.exe:3556
%original file name%.exe:1948
%original file name%.exe:2320
%original file name%.exe:2592
%original file name%.exe:1940
%original file name%.exe:2480
%original file name%.exe:2400
%original file name%.exe:3804
%original file name%.exe:2244
%original file name%.exe:2240
%original file name%.exe:816
%original file name%.exe:3836
%original file name%.exe:336
%original file name%.exe:3764
%original file name%.exe:3768
%original file name%.exe:3492
%original file name%.exe:2656
%original file name%.exe:1956
%original file name%.exe:4036
%original file name%.exe:3408
%original file name%.exe:3672
%original file name%.exe:2452
%original file name%.exe:3640
%original file name%.exe:2552
%original file name%.exe:1060
%original file name%.exe:2992
%original file name%.exe:3240
%original file name%.exe:2396
%original file name%.exe:2412
%original file name%.exe:532
%original file name%.exe:296
%original file name%.exe:3848
%original file name%.exe:1380
%original file name%.exe:2252
%original file name%.exe:1908
%original file name%.exe:196
%original file name%.exe:3944
%original file name%.exe:1924
%original file name%.exe:3148
%original file name%.exe:2068
%original file name%.exe:3384
%original file name%.exe:628
%original file name%.exe:2300
%original file name%.exe:4048
%original file name%.exe:2380
%original file name%.exe:1652
%original file name%.exe:2072
%original file name%.exe:2668
%original file name%.exe:308
%original file name%.exe:2440
%original file name%.exe:2768
%original file name%.exe:3816
%original file name%.exe:2936
%original file name%.exe:1336
%original file name%.exe:2284
%original file name%.exe:1632
%original file name%.exe:2884
%original file name%.exe:3264
%original file name%.exe:2256
%original file name%.exe:3552
%original file name%.exe:4056
%original file name%.exe:3464
%original file name%.exe:1636
%original file name%.exe:3460
%original file name%.exe:3500
%original file name%.exe:2572
%original file name%.exe:1648
%original file name%.exe:1240
%original file name%.exe:2676
%original file name%.exe:436
%original file name%.exe:3220
%original file name%.exe:2372
%original file name%.exe:2616
%original file name%.exe:3596
%original file name%.exe:3616
%original file name%.exe:3232
%original file name%.exe:2920
%original file name%.exe:2456
%original file name%.exe:2924
%original file name%.exe:456
%original file name%.exe:332
%original file name%.exe:3604
%original file name%.exe:3124
%original file name%.exe:2196
%original file name%.exe:3008
%original file name%.exe:1900
%original file name%.exe:2472
%original file name%.exe:2200
%original file name%.exe:2568
%original file name%.exe:3216
%original file name%.exe:2052
%original file name%.exe:4064
%original file name%.exe:2056
%original file name%.exe:3512
%original file name%.exe:3692
%original file name%.exe:1584
%original file name%.exe:656
%original file name%.exe:652
%original file name%.exe:2368
%original file name%.exe:2684
%original file name%.exe:3084
%original file name%.exe:2112
%original file name%.exe:2364
%original file name%.exe:3896
%original file name%.exe:3080
%original file name%.exe:2116
%original file name%.exe:1212
%original file name%.exe:2584
%original file name%.exe:2580
%original file name%.exe:2628
%original file name%.exe:3608
%original file name%.exe:3072
%original file name%.exe:2180
%original file name%.exe:3728
%original file name%.exe:3112
%original file name%.exe:3528
%original file name%.exe:3884
%original file name%.exe:2896
%original file name%.exe:2892
%original file name%.exe:3212
%original file name%.exe:2516
%original file name%.exe:2080
%original file name%.exe:4080
%original file name%.exe:2736
%original file name%.exe:3864
%original file name%.exe:1928
%original file name%.exe:2948
%original file name%.exe:232
%original file name%.exe:2136
%original file name%.exe:3348
%original file name%.exe:2132
%original file name%.exe:3100
%original file name%.exe:1612
%original file name%.exe:3184
%original file name%.exe:320
%original file name%.exe:2508
%original file name%.exe:2748
%original file name%.exe:3872
%original file name%.exe:2500
%original file name%.exe:3916
%original file name%.exe:204
%original file name%.exe:2640
%original file name%.exe:3476
%original file name%.exe:3052
%original file name%.exe:3704
%original file name%.exe:3780
%original file name%.exe:1804
%original file name%.exe:3788
%original file name%.exe:3524
%original file name%.exe:3424
%original file name%.exe:472
%original file name%.exe:3196
%original file name%.exe:808
The Trojan injects its code into the following process(es):
fGAwoYMM.exe:772
reIEcoQI.exe:1216
NesIMIQs.exe:1208
Mutexes
The following mutexes were created/opened:
IqgoYgME
lgIIIEQU
File activity
The process %original file name%.exe:2964 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ucMsUAgo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qukEcMok.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\qukEcMok.bat (0 bytes)
The process %original file name%.exe:3712 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\BMksEAcY.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nwIkMcYg.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\BMksEAcY.bat (0 bytes)
The process %original file name%.exe:2652 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\HGAUksMo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\cKQIUIUE.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\HGAUksMo.bat (0 bytes)
The process %original file name%.exe:2844 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\IkEUEMQM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rioUMEoU.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (3508 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\oIMwwgwM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZKkMQwUY.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\oIMwwgwM.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZKkMQwUY.bat (0 bytes)
The process %original file name%.exe:1260 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\IaoUEMgY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ogEMksUU.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\IaoUEMgY.bat (0 bytes)
The process %original file name%.exe:2280 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\aEUosYEQ.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PQIEggEY.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\aEUosYEQ.bat (0 bytes)
The process %original file name%.exe:2968 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\SEEIYwgk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dSEAIgYc.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\dSEAIgYc.bat (0 bytes)
The process %original file name%.exe:2840 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\vQYoMwoY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UYYYIYEA.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\UYYYIYEA.bat (0 bytes)
The process %original file name%.exe:3320 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\EYgAYcMY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kKIkAkQM.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\EYgAYcMY.bat (0 bytes)
The process %original file name%.exe:4024 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\mUEEYEoE.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LCAgQYYs.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\mUEEYEoE.bat (0 bytes)
The process %original file name%.exe:2096 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\mQwYAQYs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\doQksAII.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (3508 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FOsAsYok.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\mQwYAQYs.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FOsAsYok.bat (0 bytes)
The process %original file name%.exe:4020 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\zAscUIMM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RYcsAAsQ.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\zAscUIMM.bat (0 bytes)
The process %original file name%.exe:2092 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nIcEYcMU.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DQwYIcQM.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\DQwYIcQM.bat (0 bytes)
The process %original file name%.exe:3656 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\yOkskYAA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GqEYwAQE.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\yOkskYAA.bat (0 bytes)
The process %original file name%.exe:3044 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\TUsgEowQ.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\EaYkQIEM.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\TUsgEowQ.bat (0 bytes)
The process %original file name%.exe:3652 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\YOAssYUs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\oEMgMAgg.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\YOAssYUs.bat (0 bytes)
The process %original file name%.exe:3556 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\mYAoscMA.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\NqwAYMAw.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\mYAoscMA.bat (0 bytes)
The process %original file name%.exe:1948 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\JYoEsQYQ.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rOsQEEYw.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\JYoEsQYQ.bat (0 bytes)
The process %original file name%.exe:2320 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\LCAgIIEc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\YcUcMUYY.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\LCAgIIEc.bat (0 bytes)
The process %original file name%.exe:2592 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\naMQoUwA.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\vMokUgcw.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\vMokUgcw.bat (0 bytes)
The process %original file name%.exe:1940 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\tscEYQoQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\sSgsAcos.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\tscEYQoQ.bat (0 bytes)
The process %original file name%.exe:2480 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\dOAcAgQM.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZuoAIYMI.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ZuoAIYMI.bat (0 bytes)
The process %original file name%.exe:2400 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\GGAogAwU.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mGAYAooA.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\mGAYAooA.bat (0 bytes)
The process %original file name%.exe:3804 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\acAYkUAU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\sgQkkEYE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UwcocYAM.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (3508 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PsQQgEks.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\acAYkUAU.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PsQQgEks.bat (0 bytes)
The process %original file name%.exe:2244 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ACIEgcQA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KqAgYUYY.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\KqAgYUYY.bat (0 bytes)
The process %original file name%.exe:2240 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\yyIAsYYA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HmAUogIE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\jeokcEgw.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (3508 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VwMYgMYc.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\HmAUogIE.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VwMYgMYc.bat (0 bytes)
The process %original file name%.exe:816 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\HGkMYUoM.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\cAQoYcMQ.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\cAQoYcMQ.bat (0 bytes)
The process %original file name%.exe:3836 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\gOgIQkkw.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kGEYEQIo.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\gOgIQkkw.bat (0 bytes)
The process %original file name%.exe:336 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\UOwUkQgs.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qkIQcooc.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\qkIQcooc.bat (0 bytes)
The process %original file name%.exe:3764 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\BAEwgQIc.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\oOkogEgk.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\BAEwgQIc.bat (0 bytes)
The process %original file name%.exe:3768 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\JYssgwcI.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\EoYUUAYI.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\EoYUUAYI.bat (0 bytes)
The process %original file name%.exe:3492 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\VYQgEsAs.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JywEokow.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\VYQgEsAs.bat (0 bytes)
The process %original file name%.exe:2656 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\OaAsQsoU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\iuEkMcwk.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\OaAsQsoU.bat (0 bytes)
The process %original file name%.exe:1956 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\bCQsQAYQ.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZOwEMcoA.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\bCQsQAYQ.bat (0 bytes)
The process %original file name%.exe:4036 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\pSQYYAIc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fCocgooY.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\fCocgooY.bat (0 bytes)
The process %original file name%.exe:3408 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\gIMkIYUY.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZeMQEAko.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\gIMkIYUY.bat (0 bytes)
The process %original file name%.exe:3672 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\kIkoMkUU.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MowkcEcI.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\MowkcEcI.bat (0 bytes)
The process %original file name%.exe:2452 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\GoQIookk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LaswEYMc.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\LaswEYMc.bat (0 bytes)
The process %original file name%.exe:3640 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\uickkkcQ.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GmEEYgQo.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\GmEEYgQo.bat (0 bytes)
The process %original file name%.exe:2552 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\oeUkUUYE.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bGQQIcwM.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\oeUkUUYE.bat (0 bytes)
The process %original file name%.exe:1060 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\jeMYMYQc.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\NYgMUMEM.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\NYgMUMEM.bat (0 bytes)
The process %original file name%.exe:2992 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\IsggMMwM.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UUcAoAYg.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\UUcAoAYg.bat (0 bytes)
The process %original file name%.exe:3240 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\cmUMQcsw.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GsEMQAwM.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\GsEMQAwM.bat (0 bytes)
The process %original file name%.exe:2396 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\xsQscAkc.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZukEsAIs.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ZukEsAIs.bat (0 bytes)
The process %original file name%.exe:2412 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\rQksgwIU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aoscQUEM.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\aoscQUEM.bat (0 bytes)
The process %original file name%.exe:532 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\oKMkgwQQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BCwIYIsA.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\BCwIYIsA.bat (0 bytes)
The process %original file name%.exe:296 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\XsIQoQYk.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bQEYQkUI.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\bQEYQkUI.bat (0 bytes)
The process %original file name%.exe:3848 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\AAgskYkI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xokokIkI.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\AAgskYkI.bat (0 bytes)
The process %original file name%.exe:1380 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\KakYEkYc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ROQMgkoE.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ROQMgkoE.bat (0 bytes)
The process %original file name%.exe:2252 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\VQMwEsow.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IMkQIMMM.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\IMkQIMMM.bat (0 bytes)
The process %original file name%.exe:1908 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nesYAIUc.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZGYAIMQY.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ZGYAIMQY.bat (0 bytes)
The process %original file name%.exe:196 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\jYEcIAMU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TQgEwsEQ.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\TQgEwsEQ.bat (0 bytes)
The process %original file name%.exe:3944 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\KqssMAgk.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\jQckIcoQ.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\KqssMAgk.bat (0 bytes)
The process %original file name%.exe:1924 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\dqgUkogU.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FYgUooYA.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\FYgUooYA.bat (0 bytes)
The process %original file name%.exe:3148 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\goEIQQQQ.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\AEUYkogM.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\goEIQQQQ.bat (0 bytes)
The process %original file name%.exe:2068 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\RQocoIAI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\poAsoksQ.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\poAsoksQ.bat (0 bytes)
The process %original file name%.exe:3384 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\dWIAgsww.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LqYMwQAk.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\LqYMwQAk.bat (0 bytes)
The process %original file name%.exe:628 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\SmIAIEAw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LsUMoIAc.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\LsUMoIAc.bat (0 bytes)
The process %original file name%.exe:2300 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\AqUsAggo.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kSMgMkcE.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\AqUsAggo.bat (0 bytes)
The process %original file name%.exe:4048 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\YMAYUEgo.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CuckIkoI.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\CuckIkoI.bat (0 bytes)
The process %original file name%.exe:2380 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\WCQMIsMs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\sWAMQYgU.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\sWAMQYgU.bat (0 bytes)
The process %original file name%.exe:1652 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\AgcYEgYw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\wIkIIQwA.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\AgcYEgYw.bat (0 bytes)
The process %original file name%.exe:2072 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\SigQMIwc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lSAogUoA.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\SigQMIwc.bat (0 bytes)
The process %original file name%.exe:2668 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\tkAggsgo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LGkAgAUM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\oEIgQQMQ.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (3508 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bGUsUcks.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\oEIgQQMQ.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bGUsUcks.bat (0 bytes)
The process %original file name%.exe:308 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\wUkAIkoU.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\peoIIEkc.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\wUkAIkoU.bat (0 bytes)
The process %original file name%.exe:2440 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\QyAwosIU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GywYksME.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\GywYksME.bat (0 bytes)
The process %original file name%.exe:2768 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\fyAkUAIg.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JKckQUUI.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\fyAkUAIg.bat (0 bytes)
The process %original file name%.exe:3816 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\hWwoAAUM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CkMswcAA.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\CkMswcAA.bat (0 bytes)
The process %original file name%.exe:2936 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\uMYsYQYg.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LCAMYAoQ.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\uMYsYQYg.bat (0 bytes)
The process %original file name%.exe:1336 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\COowEQUI.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tOMEoAQE.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\tOMEoAQE.bat (0 bytes)
The process %original file name%.exe:2284 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\VMccwoEU.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\jYcUgYkQ.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\jYcUgYkQ.bat (0 bytes)
The process %original file name%.exe:1632 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\tckUUUIY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CggMEsEY.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\tckUUUIY.bat (0 bytes)
The process %original file name%.exe:2884 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\yaEEwIwg.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kGIEkIQI.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\kGIEkIQI.bat (0 bytes)
The process %original file name%.exe:3264 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\UqsMAMkA.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\yooMMkQY.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\UqsMAMkA.bat (0 bytes)
The process %original file name%.exe:3552 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ymMMYcwM.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RkAokEEg.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ymMMYcwM.bat (0 bytes)
The process %original file name%.exe:4056 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\QegwskMs.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UUoEYoIo.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\QegwskMs.bat (0 bytes)
The process %original file name%.exe:3464 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\bgAQQMsQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lIUAAEgM.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\lIUAAEgM.bat (0 bytes)
The process %original file name%.exe:1636 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\PsYcYYow.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FmMcwYkM.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\FmMcwYkM.bat (0 bytes)
The process %original file name%.exe:3460 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\CyEcIsYc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XmMwMckQ.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\XmMwMckQ.bat (0 bytes)
The process %original file name%.exe:3500 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\zWgwYoAk.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\sagIIgcc.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\zWgwYoAk.bat (0 bytes)
The process %original file name%.exe:2572 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\zqQcsMMA.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsIIMsYk.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\RsIIMsYk.bat (0 bytes)
The process %original file name%.exe:1648 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\GKsIEgkg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UmsMYEYg.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\UmsMYEYg.bat (0 bytes)
The process %original file name%.exe:1240 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\FugwQUMM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MeoQAggY.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\FugwQUMM.bat (0 bytes)
The process %original file name%.exe:2676 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\zicokgcE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nqkEQsUA.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nqkEQsUA.bat (0 bytes)
The process %original file name%.exe:436 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\UAYIIQIY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KWoQUQMY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\AOscQUYc.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (3508 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LyowocII.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\AOscQUYc.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LyowocII.bat (0 bytes)
The process %original file name%.exe:3220 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\MsgMoMoI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MkwIEcgk.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\MsgMoMoI.bat (0 bytes)
The process %original file name%.exe:2372 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nCoEsYcY.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rEgIoYAg.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\rEgIoYAg.bat (0 bytes)
The process %original file name%.exe:2616 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\IwYQUQgU.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BQYYAAkc.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\IwYQUQgU.bat (0 bytes)
The process %original file name%.exe:3596 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\RmscUoQo.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dgQEocQY.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\RmscUoQo.bat (0 bytes)
The process %original file name%.exe:3616 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\GQIsEEoI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gsYMowUU.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (3508 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dcgcQosA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xQsYIocM.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\gsYMowUU.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dcgcQosA.bat (0 bytes)
The process %original file name%.exe:3232 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\rAIQQMwE.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PoMokkss.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\PoMokkss.bat (0 bytes)
The process %original file name%.exe:2920 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\bOAgQUwE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xqMkYEAo.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\xqMkYEAo.bat (0 bytes)
The process %original file name%.exe:2456 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\oqMgQMYE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lygMYQss.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\lygMYQss.bat (0 bytes)
The process %original file name%.exe:2924 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rCswwQgg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JcgIsAUM.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\JcgIsAUM.bat (0 bytes)
The process %original file name%.exe:456 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\okEwUgMY.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dMsMAAIY.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\okEwUgMY.bat (0 bytes)
The process %original file name%.exe:332 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WakEwkkM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JAoEUEUI.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\JAoEUEUI.bat (0 bytes)
The process %original file name%.exe:3604 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\gscEYoUw.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SwQkYAMA.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\SwQkYAMA.bat (0 bytes)
The process %original file name%.exe:3124 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\wEEMsMIU.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RkUEogQg.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\wEEMsMIU.bat (0 bytes)
The process %original file name%.exe:2196 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\JwEMAwco.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ROMMAIoI.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\JwEMAwco.bat (0 bytes)
The process %original file name%.exe:3008 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\TmoIIYok.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mQUEYMcQ.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\TmoIIYok.bat (0 bytes)
The process %original file name%.exe:1900 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\JaQQQAUg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\sucwMAok.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xwwUMgMw.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (3508 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pUYYkYMg.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\xwwUMgMw.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pUYYkYMg.bat (0 bytes)
The process %original file name%.exe:2472 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\mwoUUQok.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TAIoQQMs.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\TAIoQQMs.bat (0 bytes)
The process %original file name%.exe:2200 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nKgcQAgs.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KwkcwkoA.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\KwkcwkoA.bat (0 bytes)
The process %original file name%.exe:2568 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\NuEoAYIA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LiksMkkI.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\LiksMkkI.bat (0 bytes)
The process %original file name%.exe:3216 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\msIkoIEM.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gIEEwoQE.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\gIEEwoQE.bat (0 bytes)
The process %original file name%.exe:2052 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\zMEAIQIE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DowAgooQ.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\DowAgooQ.bat (0 bytes)
The process %original file name%.exe:4064 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\qsAkwswk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\iQEswoAc.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\iQEswoAc.bat (0 bytes)
The process %original file name%.exe:2056 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\eucYQock.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\eqQQEEQs.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\eucYQock.bat (0 bytes)
The process %original file name%.exe:3512 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\qUcMAsUg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JyAMwsEw.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\qUcMAsUg.bat (0 bytes)
The process %original file name%.exe:3692 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\MsIEkMkM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tAYQUwMA.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\tAYQUwMA.bat (0 bytes)
The process %original file name%.exe:1584 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ccEkEEIw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xeIgsoEg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VmUgkwsg.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (3508 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SyYUAwsE.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\xeIgsoEg.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SyYUAwsE.bat (0 bytes)
The process %original file name%.exe:656 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\KgsosYQM.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ywUQsIwY.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ywUQsIwY.bat (0 bytes)
The process %original file name%.exe:652 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\eSEwMgQc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\EuQQIcMA.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\eSEwMgQc.bat (0 bytes)
The process %original file name%.exe:2368 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\kCgkEQgo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\heUoIEMk.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\kCgkEQgo.bat (0 bytes)
The process %original file name%.exe:2684 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\QwwwMgss.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rUYMokkk.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\QwwwMgss.bat (0 bytes)
The process %original file name%.exe:3084 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\gGsEIggU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VYoIogoU.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\VYoIogoU.bat (0 bytes)
The process %original file name%.exe:2112 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\WEAkYoEU.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fgwgwwgI.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\WEAkYoEU.bat (0 bytes)
The process %original file name%.exe:2364 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\Lmcwkowg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZOQsMMwo.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ZOQsMMwo.bat (0 bytes)
The process %original file name%.exe:3896 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\KCMAUYUs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CoAkEcgQ.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\CoAkEcgQ.bat (0 bytes)
The process %original file name%.exe:3080 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\MAsoEEAw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qeUMUMUI.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\MAsoEEAw.bat (0 bytes)
The process %original file name%.exe:2116 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\UMMooEwQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GWggkcYE.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (3508 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GAoAIcQU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kiAsIwww.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\GWggkcYE.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GAoAIcQU.bat (0 bytes)
The process %original file name%.exe:1212 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\SiYkUsUM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mYgkoUkA.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\mYgkoUkA.bat (0 bytes)
The process %original file name%.exe:2584 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\IKAYogsg.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\zqowMQkY.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\zqowMQkY.bat (0 bytes)
The process %original file name%.exe:2580 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\OOgIsYcA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qogIYEYE.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\OOgIsYcA.bat (0 bytes)
The process %original file name%.exe:2628 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\EOkMQIQI.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\sAAgQUAo.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\sAAgQUAo.bat (0 bytes)
The process %original file name%.exe:3608 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aoUwQwMI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HAEoAQcQ.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\aoUwQwMI.bat (0 bytes)
The process %original file name%.exe:3072 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\sIwMEwsQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gEsEQUEU.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\sIwMEwsQ.bat (0 bytes)
The process %original file name%.exe:2180 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\xCcwgIgM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\YogUMkcs.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\xCcwgIgM.bat (0 bytes)
The process %original file name%.exe:3728 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\UQoMgwYU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tkYEAMYU.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\tkYEAMYU.bat (0 bytes)
The process %original file name%.exe:3112 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\oAwEQocY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\NuckEQcU.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\NuckEQcU.bat (0 bytes)
The process %original file name%.exe:3528 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\LAEEokEw.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JQAAswsI.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\LAEEokEw.bat (0 bytes)
The process %original file name%.exe:3884 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\jAkskQsU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FsUQIIUc.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\FsUQIIUc.bat (0 bytes)
The process %original file name%.exe:2896 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\qsEAYgEQ.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UwkksUAs.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\qsEAYgEQ.bat (0 bytes)
The process %original file name%.exe:2892 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\AmIIcYgg.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\iGAYgAwE.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\AmIIcYgg.bat (0 bytes)
The process %original file name%.exe:3212 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\AWMQgkMw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\AGgEYMks.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\AWMQgkMw.bat (0 bytes)
The process %original file name%.exe:2516 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\fyEksIsU.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XsEIUwQs.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\fyEksIsU.bat (0 bytes)
The process %original file name%.exe:2080 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\IAwAkgcM.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qKIEsQkY.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\IAwAkgcM.bat (0 bytes)
The process %original file name%.exe:4080 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\NWcAYsQY.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HsQQYoEE.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\NWcAYsQY.bat (0 bytes)
The process %original file name%.exe:2736 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\gywYwQsY.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\hSEAEoEA.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\hSEAEoEA.bat (0 bytes)
The process %original file name%.exe:3864 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\AeMYgEEM.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ACgYcooA.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ACgYcooA.bat (0 bytes)
The process %original file name%.exe:1928 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\MgAUYocw.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lgAcssco.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\lgAcssco.bat (0 bytes)
The process %original file name%.exe:2948 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\xGcUkAks.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BGwIkscM.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\xGcUkAks.bat (0 bytes)
The process %original file name%.exe:232 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\qUoYkssU.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\iWQQcgMY.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\iWQQcgMY.bat (0 bytes)
The process %original file name%.exe:2136 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\GcwkIAMA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RQEgQIQs.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\RQEgQIQs.bat (0 bytes)
The process %original file name%.exe:3348 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\lIMkcEAk.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\oywIwYow.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\oywIwYow.bat (0 bytes)
The process %original file name%.exe:2132 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\SGcQwAQk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HEkYoUsU.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\HEkYoUsU.bat (0 bytes)
The process %original file name%.exe:3100 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\KUIQEgMQ.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fgcYgEEY.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\KUIQEgMQ.bat (0 bytes)
The process %original file name%.exe:1612 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\OmMUgkME.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xoUUIEMc.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\xoUUIEMc.bat (0 bytes)
The process %original file name%.exe:3184 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\iSAskYwk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\vAkQgIoE.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\vAkQgIoE.bat (0 bytes)
The process %original file name%.exe:320 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\SWUwUAAU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aaAwAEAQ.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\SWUwUAAU.bat (0 bytes)
The process %original file name%.exe:2508 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\huMwssgc.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PosYcAUc.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\huMwssgc.bat (0 bytes)
The process %original file name%.exe:2748 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\EUscEYYM.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SMcYMUcA.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\SMcYMUcA.bat (0 bytes)
The process %original file name%.exe:3872 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\OesMsIQw.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WQIcskQw.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\WQIcskQw.bat (0 bytes)
The process %original file name%.exe:2500 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\cAkMUoYw.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QekMQcsI.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\cAkMUoYw.bat (0 bytes)
The process %original file name%.exe:3916 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\qOwIAoEc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QIowwkoc.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\qOwIAoEc.bat (0 bytes)
The process %original file name%.exe:204 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ikMIsMEM.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QeYwgAMg.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\QeYwgAMg.bat (0 bytes)
The process %original file name%.exe:2640 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\UCEMkQQM.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\auEoAEEY.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\auEoAEEY.bat (0 bytes)
The process %original file name%.exe:3476 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\gKgYckcs.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\liAYUMMY.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\gKgYckcs.bat (0 bytes)
The process %original file name%.exe:3052 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\WukUIMQw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nMwooAwg.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\WukUIMQw.bat (0 bytes)
The process %original file name%.exe:3704 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\dOAgcUIg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\coswwkcw.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\coswwkcw.bat (0 bytes)
The process %original file name%.exe:3780 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\tuEwAsso.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tkkEwMgs.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\tkkEwMgs.bat (0 bytes)
The process %original file name%.exe:1804 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ncQUcoIY.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\iigwMMAk.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\iigwMMAk.bat (0 bytes)
The process %original file name%.exe:3788 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\IOsYsoEU.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\liUYEgsM.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\IOsYsoEU.bat (0 bytes)
The process %original file name%.exe:3524 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\WUMgwIUA.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LMYwcUso.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\LMYwcUso.bat (0 bytes)
The process %original file name%.exe:3424 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\VaEUkMwU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nmAUYcQI.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nmAUYcQI.bat (0 bytes)
The process %original file name%.exe:472 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\YUkoAIYI.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\zMIUskgI.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\YUkoAIYI.bat (0 bytes)
The process %original file name%.exe:3196 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\lcgwkcog.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\zuYcYYIE.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\zuYcYYIE.bat (0 bytes)
The process %original file name%.exe:808 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\QAEAkwQE.bat (112 bytes)
%Documents and Settings%\All Users\JuwEIgUE\reIEcoQI.exe (3825 bytes)
%Documents and Settings%\%current user%\dUskcAww\fGAwoYMM.exe (4137 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LsUoEUQc.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\All Users\hcYYccwo\NesIMIQs.exe (3921 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\LsUoEUQc.bat (0 bytes)
The process NesIMIQs.exe:1208 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Documents\My Music\Sample Music\New Stories (Highway Blues).wma.exe (7726 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\adm.bmp.exe (2321 bytes)
C:\totalcmd\TOTALCMD.EXE.exe (30812 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Sunset.jpg.exe (3073 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\guest.bmp.exe (2321 bytes)
C:\totalcmd\TCMADMIN.EXE.exe (3073 bytes)
C:\totalcmd\TcUsbRun.exe (3073 bytes)
C:\totalcmd\TCUNINST.EXE.exe (3073 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\KAAo.txt (55978 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.exe (7433 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Blue hills.jpg.exe (3073 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Water lilies.jpg.exe (3361 bytes)
C:\totalcmd\TCMDX32.EXE.exe (3361 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Winter.jpg.exe (3361 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Adobe\Reader 9.3\Setup Files\Setup.exe (5441 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp.exe (2321 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp (0 bytes)
%Documents and Settings%\All Users\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp (0 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Blue hills.jpg (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp (0 bytes)
%Documents and Settings%\All Users\Documents\My Music\Sample Music\New Stories (Highway Blues).wma (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp (0 bytes)
C:\totalcmd\TCUNINST.EXE (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp (0 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Water lilies.jpg (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp (0 bytes)
C:\totalcmd\TCMADMIN.EXE (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\guest.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\adm.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp (0 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Sunset.jpg (0 bytes)
C:\totalcmd\TCMDX32.EXE (0 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Winter.jpg (0 bytes)
C:\totalcmd\TOTALCMD.EXE (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp (0 bytes)
Registry activity
The process cscript.exe:2712 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "29 C7 45 DA 98 2B 37 A9 FE DA F6 64 23 94 49 52"
The process cscript.exe:2964 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3E E2 A2 B1 B9 2D FD A9 10 35 F7 47 3F 56 23 EF"
The process cscript.exe:3576 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "60 C6 BB 80 C4 C7 47 29 10 BC 15 3E C4 B7 2B 52"
The process cscript.exe:212 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E9 5B 2A 56 41 07 EC A2 51 6F F8 28 6E A3 B1 C7"
The process cscript.exe:3712 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "87 0C 7B D7 F5 B4 E2 18 F5 9F 1A A3 9B 99 B7 10"
The process cscript.exe:2844 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5D C6 9D 49 DA 49 90 94 5F D2 8D 28 D8 7E E2 F2"
The process cscript.exe:1308 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D0 CC 23 B9 5F 42 E8 09 86 FA 77 D4 78 41 ED 78"
The process cscript.exe:2096 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6D 3C 3B C4 B2 7F 7C D2 53 81 75 A1 CA 1C 14 81"
The process cscript.exe:2092 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0A 9F 34 85 BB AC 58 5E 5D 5D D8 3A 83 A3 1C 81"
The process cscript.exe:3652 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "09 B6 0C F7 2D A0 77 85 8A 37 8E 0A FD 7A E1 27"
The process cscript.exe:2524 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8B D7 22 81 73 1F F8 F4 45 5E AA 77 D4 5F 54 45"
The process cscript.exe:3172 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B3 C8 54 2E FC DA 64 E5 F1 98 96 CD C0 93 E0 3C"
The process cscript.exe:3856 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "28 A4 90 60 4D 24 AA C6 B2 85 B3 64 E8 27 DE C0"
The process cscript.exe:2404 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BF C6 BB 31 25 9A 1E F7 2A 40 CC 56 E6 5C B0 B9"
The process cscript.exe:3852 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7E 0E B7 23 89 CC DB 7A 18 EC 5C D5 09 88 D5 47"
The process cscript.exe:2400 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F5 46 7D 13 85 41 19 6A 41 5C 57 53 B0 32 B7 A9"
The process cscript.exe:1676 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D3 88 25 50 F4 BD 42 03 00 5C 64 94 83 2E ED 9E"
The process cscript.exe:2464 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EC 6A 15 03 57 AD B3 15 BA 3E F8 37 59 C2 E9 80"
The process cscript.exe:1316 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "12 A2 8E CA 9C 02 04 18 7D 05 42 23 05 CC 2B 7F"
The process cscript.exe:3884 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E4 D3 22 D4 B2 1A 38 DF 67 18 49 25 DA 76 71 1E"
The process cscript.exe:1920 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B7 E9 C3 FE 0A F3 C4 78 5B 46 6C CC EC 29 58 29"
The process cscript.exe:3936 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D1 AA A1 9D 2C A5 5F 75 69 D2 27 3A 60 EB B9 7F"
The process cscript.exe:1796 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E1 EC 27 28 9D FD 08 89 35 6C B6 90 60 35 D9 30"
The process cscript.exe:3332 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "62 A0 7E 87 BB 3C 0F A6 89 C3 FA 31 B3 79 2C 57"
The process cscript.exe:1496 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FF 34 E3 0F B0 14 72 31 0B 06 26 10 DE CA 69 1D"
The process cscript.exe:264 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D0 58 80 9F B9 7C 1C 16 C3 F3 DC 1C 29 60 D5 69"
The process cscript.exe:3408 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "95 3B 72 9F 4B B6 81 EE 83 75 B9 28 C4 7C 44 35"
The process cscript.exe:3756 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "95 E5 5E 6F 35 70 36 D0 A5 C1 8E 3D 27 4B F3 E5"
The process cscript.exe:3248 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "99 B4 84 4F C5 12 62 D5 73 88 EB 68 03 D2 BC 15"
The process cscript.exe:2556 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8A 9B CB 81 4F D0 31 83 5D BB B6 87 6E A2 74 40"
The process cscript.exe:2492 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D0 4A 48 34 78 F4 DF 3D F9 90 61 0B C9 7C 9E 8C"
The process cscript.exe:3032 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "36 E0 37 07 F3 E5 E1 D4 AE D3 F0 D2 53 DB 01 37"
The process cscript.exe:3244 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CE C9 BE D3 18 70 EA 79 D5 00 07 0A DD CD E9 B5"
The process cscript.exe:2416 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C8 3E 22 40 47 B7 BF AD 49 34 30 F4 A2 4D 45 CB"
The process cscript.exe:2060 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D5 5D A0 23 0C 9A C5 90 6B AA 70 C4 52 83 94 A1"
The process cscript.exe:2256 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B6 DA 3D FB C9 C7 26 26 34 FA F2 F3 87 19 F0 B0"
The process cscript.exe:2148 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "30 F6 03 E2 67 06 C8 6B 79 0B F3 DE E8 78 75 91"
The process cscript.exe:3772 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "81 48 DE 3C BE D2 46 43 31 9B 94 D4 A4 4C 10 CF"
The process cscript.exe:3776 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8B 3D F1 2C 1C 6F 36 41 A4 0F D0 D1 4C 41 50 C3"
The process cscript.exe:1324 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "21 A3 DE A9 FF 5B 05 C6 94 C0 1F EF 38 2B D9 60"
The process cscript.exe:3628 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8C EC 81 A2 2E 0F BC 00 EA BC 41 FF 92 24 FA 51"
The process cscript.exe:2908 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "34 0A 9B F8 D3 B4 33 2E B9 59 AD 08 E3 C5 38 2B"
The process cscript.exe:3828 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CB 32 5A F0 A2 23 77 46 03 F7 F5 FC C0 D1 DE 95"
The process cscript.exe:332 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B2 2E 76 43 97 E7 C3 8D 95 6F 88 B7 BE B8 0B C3"
The process cscript.exe:3272 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "20 BE F2 13 07 F4 FA 18 8F 4A ED 06 75 6E FC 4E"
The process cscript.exe:2824 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6F 85 86 EB C4 90 CC 76 50 D9 74 28 49 90 2E 64"
The process cscript.exe:3676 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "31 6F 4E 93 C3 D9 7F 8A 9B 66 F5 FE EB CC 55 AE"
The process cscript.exe:4044 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EE AC 62 93 28 8B 82 6E FF 2B 3F 5F E9 5E 05 B0"
The process cscript.exe:1712 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8F 04 E2 58 4A 88 87 F8 5B 12 4F E9 EF 25 08 67"
The process cscript.exe:2780 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BB C6 20 A2 4A CB 2C 01 8F 44 48 E3 F8 A1 52 8F"
The process cscript.exe:2544 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "92 77 A2 FA ED F9 21 44 03 59 3D 45 70 FE EB 94"
The process cscript.exe:2300 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5B 74 CD 05 FF A3 34 C7 16 58 0E 80 31 7E F4 BC"
The process cscript.exe:2980 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "03 22 A8 9F BC 84 F8 37 BD ED D0 2A 56 42 CF 50"
The process cscript.exe:2304 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2B 08 9F 61 26 50 7C 07 BD 31 72 0C 29 E2 47 C5"
The process cscript.exe:2268 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D2 4B CB DA 37 23 25 DB D7 C8 46 CB 6E 5C 1D BC"
The process cscript.exe:2388 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9C 06 76 C5 F8 26 62 0D 78 1A AA EB 8C 41 80 EF"
The process cscript.exe:364 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A0 20 69 6F 78 B9 63 1D B8 FA 39 E3 70 B7 1C CF"
The process cscript.exe:2076 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D1 78 E8 D6 29 A0 41 61 D1 81 4A FB 04 6D D6 27"
The process cscript.exe:2288 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C0 E4 3B 28 B0 5B 33 53 00 1A 9D 58 AC 27 02 F5"
The process cscript.exe:3664 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "37 09 68 FF 48 74 E3 D8 D6 D4 2C 85 D2 3E 5F FD"
The process cscript.exe:2444 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D7 76 8C E6 19 F6 B5 17 C5 B5 0F 5D 62 54 D7 03"
The process cscript.exe:3952 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "66 E8 22 D3 9F AA 9A 89 87 0F CA CD 4E 41 0B CB"
The process cscript.exe:2932 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8C 96 85 D1 2C AF 2A 97 94 33 D4 18 AD AE FA D5"
The process cscript.exe:3956 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EE C6 78 23 22 D8 71 25 C8 1C 47 69 D3 7D 2A CA"
The process cscript.exe:3152 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8C 57 C6 41 42 58 5C DF 3C 3A 28 12 1F 3F 67 4C"
The process cscript.exe:3456 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AD 50 5E 61 D2 EE 67 A0 CC 0E 98 E5 14 19 A4 6F"
The process cscript.exe:3312 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "15 87 DC 6F BE 0C 58 F3 79 BA B9 0E D1 A1 4D 2A"
The process cscript.exe:2832 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C5 DF D1 5B 9F F2 0F 05 E5 6F 17 83 A4 F8 C8 29"
The process cscript.exe:3316 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5F 89 16 9A AD 95 89 D8 A1 84 C3 50 EC 1A 92 42"
The process cscript.exe:2452 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AB 2F 6A 62 C6 93 16 74 AA BA 39 6E BF F8 F5 FB"
The process cscript.exe:4056 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E9 7F BA 89 91 EC E1 AB 4D 53 2A 4A D0 15 9B 94"
The process cscript.exe:2044 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8E C4 37 3D 53 AB 43 8E 7C E8 29 1E 9A 08 6F 39"
The process cscript.exe:3464 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FC F3 22 C6 BB F6 C0 9D 20 D3 A0 15 3C C6 90 AF"
The process cscript.exe:3212 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CF 07 EF 99 60 C4 04 6F E7 C0 E9 D0 D7 F5 3B 9B"
The process cscript.exe:3396 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "51 C9 90 A4 83 67 DE D1 C6 B2 B4 6A DD 00 4C AE"
The process cscript.exe:3012 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "42 79 CD 64 72 36 2A 43 79 EA A6 89 7D DF E6 56"
The process cscript.exe:3504 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A7 0E AE 9A 09 A0 3E DC A5 85 88 79 85 DD E5 53"
The process cscript.exe:1240 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AF 2B 02 D2 EA 2D 56 F9 3C 5F D4 0C 93 36 A3 0D"
The process cscript.exe:2168 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E7 F9 1C C8 12 68 75 90 65 B9 C8 02 6E 61 FC 12"
The process cscript.exe:3512 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3E 10 F7 8D 37 0D 44 AE A8 0D 98 6B DB 33 70 A9"
The process cscript.exe:432 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "86 63 F7 01 EA 11 E2 2E 04 6A 2B 3E F1 4E 4F DE"
The process cscript.exe:2616 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9B 6D FD 38 5D 60 11 3D B0 1B 17 0F 91 9F 09 1A"
The process cscript.exe:3612 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4D F2 BA 1A 2E 59 9D D5 EB 41 A3 78 AE 1C C9 D7"
The process cscript.exe:2612 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F2 A9 D5 B5 0C 46 6A 72 84 4F D5 97 22 3A 26 2B"
The process cscript.exe:624 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DA 6C BC 33 E4 28 3F 3F D1 7D 07 E8 05 58 C8 4B"
The process cscript.exe:3804 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B8 7A 80 EC 14 59 60 59 E3 F3 F7 1F 00 24 C9 5F"
The process cscript.exe:2296 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "03 8D 83 5F C7 B1 4D 01 36 B9 A3 D4 11 6B 22 97"
The process cscript.exe:1228 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "21 FE 3D 58 5A C1 67 A2 AF 48 BB 3B F8 7E 48 3C"
The process cscript.exe:3004 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "18 9A 08 5F C7 A4 D3 98 A1 E1 71 C5 B4 22 7B 78"
The process cscript.exe:2808 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "04 81 A0 D2 74 DB 18 9F 84 7E B4 57 5F A7 A9 CE"
The process cscript.exe:3268 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7B ED 25 0F 93 C1 2A 0C 06 C9 F8 06 E5 53 64 8B"
The process cscript.exe:252 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F1 8C E3 2F BF FC 2F 71 67 DC 27 C3 55 9C 97 20"
The process cscript.exe:4084 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7B 72 B9 2E D2 F1 A4 63 5A 62 D2 EA 3B 98 4E F0"
The process cscript.exe:172 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "63 0B AF 3E D3 BD 84 8B 6C 10 35 6E E4 23 30 4B"
The process cscript.exe:1632 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B9 B7 00 33 56 7D 23 2F F4 06 13 17 C9 93 B7 AC"
The process cscript.exe:2204 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FE 3D 6B 53 5B 14 C0 A8 28 23 8C 2E 11 94 5E F3"
The process cscript.exe:1980 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "18 74 7F E3 C6 C4 7A 42 85 FD E5 73 68 94 0D 14"
The process cscript.exe:2056 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F7 51 F6 CF EC 32 37 2F 0E E3 2E 8D 9D 54 AB AD"
The process cscript.exe:2560 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0D D9 B1 70 E4 D3 5E 3F A1 56 0B 19 F3 19 C3 74"
The process cscript.exe:2564 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "92 7D DD E2 E7 76 E3 87 D7 BE 34 7C 8C 9E D2 84"
The process cscript.exe:3088 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B6 DC 98 92 34 6E E6 0F D2 FE 4E D8 66 01 6D A0"
The process cscript.exe:2368 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "09 FA 90 46 52 09 78 9E F3 05 B9 3C A4 5C 98 C8"
The process cscript.exe:2112 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A6 B8 0E B6 B3 5E B4 48 99 EE AA 53 06 B5 D6 70"
The process cscript.exe:3080 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "03 F2 C3 D8 FF 38 84 5B CB 64 DA 54 8B B1 B3 9B"
The process cscript.exe:2360 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BE DE 33 66 44 A9 84 01 F9 B5 B4 35 B9 C8 F3 9F"
The process cscript.exe:2428 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "77 79 2B 9D D2 93 FF 1C 60 DB 16 E6 2A BB A9 D3"
The process cscript.exe:3860 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "79 2E 54 0B 1E 3A 14 1C 27 F6 C0 20 C0 3F E9 C5"
The process cscript.exe:2152 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4B ED 37 A1 DF 6D CF 0C 21 39 29 50 4D E9 71 38"
The process cscript.exe:636 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5F 0F A7 3E 31 42 52 F1 1C AE F6 D6 C4 D5 23 BA"
The process cscript.exe:564 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C7 D6 AB 59 68 8D C3 E7 83 EA 5D 05 BE 82 54 90"
The process cscript.exe:2180 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "53 FE F1 8C 85 9F 2D CB 84 47 6E D7 B9 6E 0E 56"
The process cscript.exe:2184 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "24 83 D8 03 59 0A 7B 7B 09 0F C0 7A 3C B5 B8 C9"
The process cscript.exe:3724 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DB 75 6F C3 64 AC 5F A6 96 E4 5E 6B 9C C4 90 28"
The process cscript.exe:3284 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "55 10 B8 A5 F4 B6 14 E6 B4 30 1F 6A 3D 31 CE 0A"
The process cscript.exe:160 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CE D4 B7 66 D9 43 7B B0 D3 8A F4 39 B5 08 04 70"
The process cscript.exe:3280 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "07 C7 DF CD 91 C4 DE BC D8 0E F9 7F C9 B0 89 DB"
The process cscript.exe:2212 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DD C9 6E 80 FB 8B FD DF 9C 80 2F C1 C7 40 F1 CD"
The process cscript.exe:3448 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E1 81 F7 75 CC 83 C7 F3 7A E8 0C F4 AC FB CD 0D"
The process cscript.exe:3376 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "82 68 88 48 5C 49 6F C1 40 F5 BA F8 7D 12 C3 AA"
The process cscript.exe:3964 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "82 15 B4 2B BE 9D 51 49 EF 2F 9C 8D 40 9C 57 A7"
The process cscript.exe:2752 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CA 43 65 9F 61 F0 28 BB 06 B5 F5 5B 00 0C 9F FD"
The process cscript.exe:2352 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BE 07 DC 58 12 7D 7D 1B B6 CC 8B 88 E5 60 81 D0"
The process cscript.exe:2100 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7C 0A 62 BA AA 7B 54 BB 4B B5 1F 00 A1 2A C5 C1"
The process cscript.exe:2692 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "19 AD AC C1 FC 63 3B 0C C1 A6 7C 63 FE AB 13 4A"
The process cscript.exe:3968 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A8 44 E3 3F 55 91 E3 86 B4 32 91 D7 3E F0 CE 4C"
The process cscript.exe:2104 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4E 0D DB A2 26 8C 90 80 50 97 3D CF A0 F9 39 B3"
The process cscript.exe:2864 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FC 70 08 38 38 D8 12 C6 86 D7 23 DD BA 09 C3 89"
The process cscript.exe:2732 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D7 3A DD 0A B8 89 6E F1 C0 8D F1 AA A4 2F 0D BE"
The process cscript.exe:2868 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "19 C4 7D E3 99 8E C6 84 BA 6B B5 90 96 7F AB 34"
The process cscript.exe:2572 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "53 39 D0 CB D5 52 E9 FB B5 EC F9 7C DB AD BB 2A"
The process cscript.exe:2636 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "18 06 08 65 2C 00 67 FF 9E 74 32 B3 EC 4A F9 FD"
The process cscript.exe:3632 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "44 E3 F0 26 41 89 36 74 22 5B 75 EC 79 3B 7B 6E"
The process cscript.exe:1288 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AF 63 BA C9 E0 D2 BA 0B BE E8 37 16 CB 6D 1A 8E"
The process cscript.exe:3148 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "58 D3 96 11 AF 1C 62 33 82 5A A5 0D D3 FE B7 53"
The process cscript.exe:2816 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4E AB 53 EB EA 72 AF 3E BF 2B F2 5A 03 8F 06 DA"
The process cscript.exe:2948 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2D 93 90 14 C5 F2 24 86 75 9C 20 C2 BA FF F2 1C"
The process cscript.exe:2940 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "91 1C 96 34 7A 2B E8 E7 18 DB 41 AA 72 AD B5 0E"
The process cscript.exe:2136 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4C A7 0E BC 7C A5 69 DD 68 3E DA B2 82 20 DA EE"
The process cscript.exe:3108 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DB B2 E5 80 6F D2 75 D2 85 0D 2A D6 C8 53 69 F8"
The process cscript.exe:876 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D3 BA 66 40 E2 F7 DB 40 D0 12 99 8D 25 E8 DA 00"
The process cscript.exe:2224 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6C DF C2 5A 85 52 BC 10 4A 55 D8 CA E2 B4 56 94"
The process cscript.exe:2740 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7C 22 1D F6 7D 93 4A 41 18 1D 9A B3 0B D3 65 D5"
The process cscript.exe:1752 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6F 3E A7 93 FE EF A5 F8 65 5C DB 7E D2 DE 5B DA"
The process cscript.exe:644 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E7 F3 01 62 32 BB FD A5 21 F0 03 8A A5 12 8F 87"
The process cscript.exe:4092 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "36 14 3D E8 EC 73 90 91 57 6E BB 06 8C 01 D8 59"
The process cscript.exe:2872 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0B DE C4 B2 76 E6 9D 83 89 95 46 EC EB 42 1B E4"
The process cscript.exe:2724 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "53 F1 22 51 0C C8 B9 97 93 52 40 DA 5B 53 0C BA"
The process cscript.exe:3912 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4C 04 8F 8A B8 C2 17 C6 15 41 54 A1 9C B6 71 52"
The process cscript.exe:3708 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D0 D3 F9 21 25 EA E5 11 11 7C 9A 50 71 35 D9 A8"
The process cscript.exe:3544 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DA 79 36 3E 37 0A 5A B6 C1 AE 91 C8 09 DC 4C E3"
The process cscript.exe:2332 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5D 6D B5 50 DF 85 2B 0A 7B 8E 29 9F 46 A3 9F 63"
The process cscript.exe:3540 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8D 42 90 C2 CF 67 81 3D 3E 37 01 35 71 F7 8B C0"
The process cscript.exe:1280 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CE 2E 6D 3E AC BC D8 2D 04 E0 27 97 A2 3F E7 D1"
The process cscript.exe:2232 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "73 AB 6C E0 0F CB 11 FB 8C 32 FA B1 A7 98 DE 88"
The process cscript.exe:3220 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B3 62 0A 4C 7E E3 3A 69 B0 D7 BA 62 40 D5 5C 40"
The process cscript.exe:3104 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "70 62 AB 74 BD B3 17 FA 18 1B C7 37 F5 07 69 75"
The process cscript.exe:2000 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "99 9A 73 8D 50 C1 3C CD DF BF 24 10 06 99 47 93"
The process cscript.exe:476 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B5 B8 59 BC 11 25 DC 88 D0 65 3E 23 DC 99 10 09"
The process cscript.exe:2532 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7D 7B 60 1E 13 C4 2E F9 71 AE 0F B2 3D EB E9 D2"
The process fGAwoYMM.exe:772 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "69 24 DC 7A EB 51 96 9A 2A 4F F1 1A 1A 50 E8 F2"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"fGAwoYMM.exe" = "%Documents and Settings%\%current user%\dUskcAww\fGAwoYMM.exe"
The process reIEcoQI.exe:1216 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A5 88 9D E6 C8 46 02 6B 00 40 16 D0 B2 0C 1A 4D"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NesIMIQs.exe" = "%Documents and Settings%\All Users\hcYYccwo\NesIMIQs.exe"
The process %original file name%.exe:2964 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DC BB E9 AA 8B 1D 54 67 21 6A 26 E7 0B CE BE 13"
The process %original file name%.exe:3712 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "76 D4 3E AF 9B 3F F7 21 D7 1F 5D 14 A4 4F 2F C1"
The process %original file name%.exe:2652 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C6 50 FF 57 4D 68 BA F4 0C 4B 8E D9 1B 03 99 C7"
The process %original file name%.exe:2844 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "48 9F 28 36 1A FF 31 A7 14 4C 81 58 0B EA B8 85"
The process %original file name%.exe:1260 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "79 84 FC 6A 53 D0 58 C0 E7 A4 AA 77 15 46 B1 72"
The process %original file name%.exe:2280 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "08 E9 D3 5E 4F EC 54 EA CA 2D 35 76 7B 31 09 D1"
The process %original file name%.exe:2968 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "40 1D 34 15 3C FE 6F 69 98 90 1F 65 F9 99 91 FF"
The process %original file name%.exe:2840 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C0 4B EB 68 28 E7 EF EF 76 BF A1 EB 46 EC 3E 14"
The process %original file name%.exe:3320 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "45 02 DB 30 47 0F 13 47 74 13 0D 0D 32 33 BC 16"
The process %original file name%.exe:4024 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E8 ED D5 AD 38 DB 64 C7 D4 FD E0 59 83 5E E4 3A"
The process %original file name%.exe:2096 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BB BF F9 C2 51 DC 7A 9B 2C BA E7 1D 07 A1 E1 73"
The process %original file name%.exe:4020 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "75 99 13 ED 9A EF 48 ED 9F E2 91 B8 57 82 80 45"
The process %original file name%.exe:2092 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "94 26 3B A2 CB 7D 84 3E 53 06 7B 8C 8F 9C 12 56"
The process %original file name%.exe:3656 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "80 27 AC C8 75 17 AA 6D 83 ED B5 4A B3 A1 44 6F"
The process %original file name%.exe:3044 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "38 C0 0F 37 B5 70 EE 6B 4C 9E 55 CA 0F 4B 5C FF"
The process %original file name%.exe:3652 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4A AA 5B BF 10 0A 7F 38 A0 DD 7B F8 CB 66 30 2D"
The process %original file name%.exe:3556 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "07 E7 C0 63 CA AC DB 4D DE 98 38 A4 CE 1F AC C4"
The process %original file name%.exe:1948 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0E 0D 60 E8 DE 97 59 26 F9 AD A2 07 76 13 72 4A"
The process %original file name%.exe:2320 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AE CD 2D 81 37 03 8A 44 39 63 F3 59 50 8D AD 6E"
The process %original file name%.exe:2592 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "32 0E 01 3D 44 60 C0 C4 AC F7 82 05 14 21 75 A7"
The process %original file name%.exe:1940 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "40 4B 5C 88 D6 1A 50 33 54 92 BE 87 52 30 76 FF"
The process %original file name%.exe:2480 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "63 4D 2E 3F AE E7 AA 43 BA 11 55 95 FC F5 07 1E"
The process %original file name%.exe:2400 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FF 2D 27 3C 7A 07 38 C4 94 4C 8F E1 29 64 8B 9A"
The process %original file name%.exe:3804 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FD 2F B9 CE 8A 06 DD C6 C0 B1 19 25 EA 20 AC 38"
The process %original file name%.exe:2244 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "68 25 2C 79 EC 71 57 04 EA 72 6E 06 49 E3 FF 61"
The process %original file name%.exe:2240 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AA 31 E9 F7 04 44 3D 5B 64 12 E1 1A D7 E9 94 D0"
The process %original file name%.exe:816 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "34 14 1F BD CD E2 DF 44 70 E3 46 4D 6B A2 2A 59"
The process %original file name%.exe:3836 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "72 42 19 4C B0 E0 E4 48 46 97 20 35 92 B5 4F 55"
The process %original file name%.exe:336 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C5 D0 A9 3C 41 BC 92 DF 5C C7 13 DD A2 9D D2 E5"
The process %original file name%.exe:3764 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "99 0C B2 5C DC 4F 0F E3 3E 82 61 63 78 14 1E 53"
The process %original file name%.exe:3768 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A1 60 55 0B 2F 9D 05 9A 93 B5 C2 21 CA F6 21 64"
The process %original file name%.exe:3492 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6D 3E 9D A5 16 69 5E 39 E9 B9 70 CB 66 21 16 99"
The process %original file name%.exe:2656 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C7 74 4F 6C 6D 81 B2 64 B4 C7 C6 ED F3 59 18 A9"
The process %original file name%.exe:1956 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "83 56 C8 00 FD 01 6A B7 5B 6D D0 A9 8B 8C FA FD"
The process %original file name%.exe:4036 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C2 F1 E5 6B 3D 0A E6 B7 E6 B5 47 E8 22 9F 76 9C"
The process %original file name%.exe:3408 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1E 4B 33 DD B1 7A 02 07 3A EE 8B 98 DC BB 6E 82"
The process %original file name%.exe:3672 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B1 E3 57 39 C1 9B 14 1D 29 71 0D B6 F0 40 51 38"
The process %original file name%.exe:2452 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E7 06 F2 AF 3A AD E9 A5 FF 60 FB 9C 5E C3 09 F1"
The process %original file name%.exe:3640 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "02 CD 74 A0 AD 36 54 58 18 C7 07 08 BF 88 6D AD"
The process %original file name%.exe:2552 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "01 D0 B1 D4 57 1B 12 60 57 99 04 DF 3E 83 01 54"
The process %original file name%.exe:1060 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9D C8 2D 6F E0 8F 57 91 AF A3 DF 47 AE 99 EA F8"
The process %original file name%.exe:2992 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B5 2A 9A 0A 7D 0A 18 C6 A5 00 8D 41 52 E0 B0 21"
The process %original file name%.exe:3240 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A2 36 CD 7D D6 2A 8E EE E1 F2 97 C3 10 3B 22 A4"
The process %original file name%.exe:2396 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "79 9F 16 D2 98 16 23 AE 44 AE C7 54 C2 A3 B3 6E"
The process %original file name%.exe:2412 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "37 9F C4 23 5B 59 F9 2C 09 3B 71 CB 9D E0 BA D2"
The process %original file name%.exe:532 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CF D6 FE E8 BF D1 85 3B 61 63 92 E8 62 E9 96 1D"
The process %original file name%.exe:296 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CA D7 FC 14 B2 41 66 18 18 44 C9 C1 4D 18 5D 62"
The process %original file name%.exe:3848 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FD 56 D8 23 81 82 E6 B3 CB 04 BB 94 62 38 79 7A"
The process %original file name%.exe:1380 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6C 7B 33 7A 10 90 B0 1B CE 7E 66 31 06 D4 1D 84"
The process %original file name%.exe:2252 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "96 3E F2 FA A3 D9 FC 85 5A C6 BB 4B 33 44 F1 FB"
The process %original file name%.exe:1908 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B2 0B FA A2 8C 20 0D 09 5D B1 09 01 20 B4 BA 14"
The process %original file name%.exe:196 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "25 95 FB 0D 3C 9B 87 72 47 CF 88 FF 69 CE DD 8F"
The process %original file name%.exe:3944 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "04 27 3D 11 04 01 38 17 12 6C EF 8B 9F A0 AE EA"
The process %original file name%.exe:1924 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A9 EA 6B 3B 70 C5 E7 2F AD 39 DA 55 E2 2A C6 28"
The process %original file name%.exe:3148 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2E 76 E4 3F C0 A6 9B A4 4A 53 DB E3 F0 BF F1 5E"
The process %original file name%.exe:2068 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A3 03 7B E1 BF 5D D7 D2 14 F7 30 34 B2 C8 D5 26"
The process %original file name%.exe:3384 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CE 59 C3 D4 F8 85 0D EA 84 0E EA 0B 10 B7 D9 74"
The process %original file name%.exe:628 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F3 5D 38 B9 C0 E2 5C EA B6 CF 14 51 B1 90 BC F9"
The process %original file name%.exe:2300 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D6 E1 D2 41 7F CD EF 2E 45 7B C4 AD 5E 8A 5F CC"
The process %original file name%.exe:4048 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8B 81 27 BF E5 A1 76 9B BF 74 4A B5 4A C7 D7 45"
The process %original file name%.exe:2380 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D2 DC 23 81 DB 73 59 79 38 F6 A3 BE 5B 85 9D 83"
The process %original file name%.exe:1652 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B1 5E 63 A4 9D 4A BB 6E 43 92 7C B7 DF D9 DC 27"
The process %original file name%.exe:2072 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B8 80 91 22 9A 8C 28 20 44 83 C8 91 3F 70 36 EC"
The process %original file name%.exe:2668 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "97 69 6C 21 7E 52 DD 75 4E 47 14 B4 16 D9 14 EE"
The process %original file name%.exe:308 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DB 4E 4F 7B E1 64 95 1D 6F F6 6F DC 08 1A 96 42"
The process %original file name%.exe:2440 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FE 40 67 EC A0 B3 2E 67 5D F0 93 78 1C 46 79 DF"
The process %original file name%.exe:2768 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "22 B7 8A 6F 06 C4 66 AA 9F 6E DD 94 05 6F C8 7B"
The process %original file name%.exe:3816 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "75 BF 9C B2 CE 7A 30 D3 08 11 3C 27 BF 93 C0 4C"
The process %original file name%.exe:2936 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FF 98 D5 36 13 F2 A9 A3 5D 88 5D 38 FD E8 75 EA"
The process %original file name%.exe:1336 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "09 1D C2 02 F2 6D 03 1F FA 6F FD 65 64 4C 28 0A"
The process %original file name%.exe:2284 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "02 41 AE B7 36 7D 35 5D A4 A0 92 5E 2B 91 28 87"
The process %original file name%.exe:1632 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "52 22 39 10 24 76 4C 80 F4 45 84 9C 74 1F BE 4E"
The process %original file name%.exe:2884 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "53 9E 50 65 DE 56 79 8B FE 11 E8 B8 D3 09 83 24"
The process %original file name%.exe:3264 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "68 74 98 25 A5 EC 34 FB C4 18 44 7B CB 57 8B 57"
The process %original file name%.exe:2256 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5C 77 43 E2 EA 6E C1 AA F7 DE 32 26 06 89 FD CE"
The process %original file name%.exe:3552 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D7 C7 D9 BF EE 02 92 99 68 8B AB 1A D8 3F BE C7"
The process %original file name%.exe:4056 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0A 94 21 B7 EA 03 36 2B 23 DB 22 91 62 A2 AF 7D"
The process %original file name%.exe:3464 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A1 D8 3F 59 AD 23 04 19 93 30 4A CD 68 3E C0 30"
The process %original file name%.exe:1636 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "24 06 80 A5 F3 AE 6B 51 6C 55 73 CE 50 01 05 C0"
The process %original file name%.exe:3460 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "65 C6 68 47 CE 41 1D 74 FF C5 C4 47 88 75 76 E8"
The process %original file name%.exe:3500 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "57 17 6C 15 6D CD AD 6C 6B 3C 35 C2 D0 BB 88 E8"
The process %original file name%.exe:2572 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DF 92 03 25 E4 08 3F B3 27 3F 57 4F 7F 88 3E D3"
The process %original file name%.exe:1648 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "18 B6 0B 51 1F 93 5F CA EA 58 5C 76 4D 7E 9C 09"
The process %original file name%.exe:1240 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "23 3D D7 3D A4 4C AD B7 14 52 32 77 F1 13 8E A2"
The process %original file name%.exe:2676 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "98 6C 86 2F 28 53 3D 6B A2 AC 52 8C 3E F7 44 FD"
The process %original file name%.exe:436 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AB BD 1D 31 17 09 C4 8C 50 00 E3 3B 67 4E 1E 49"
The process %original file name%.exe:3220 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "21 72 6D 4A 09 1A A8 DE 78 18 64 16 BA E3 F6 F3"
The process %original file name%.exe:2372 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B4 18 1E F0 89 1F 95 EB EA 0D 9E 91 01 73 33 2F"
The process %original file name%.exe:2616 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6D A7 58 21 6C D3 A0 A8 04 55 51 A5 C5 14 7D EE"
The process %original file name%.exe:3596 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "81 07 46 7A 7F D4 82 5C 6A BB 96 B9 2B 0D EE D8"
The process %original file name%.exe:3616 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "58 CF 7A 96 50 EE F9 E6 97 AA 4B 76 B3 5D 36 30"
The process %original file name%.exe:3232 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "06 7E AB 68 C6 AB 61 15 59 D0 54 4E 2E FD 9C 5F"
The process %original file name%.exe:2920 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "10 07 9D 94 86 E8 A8 18 99 32 B1 1E E4 21 B8 C6"
The process %original file name%.exe:2456 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9A 28 0C B2 0D D6 C7 1A E8 9A 10 D9 74 94 0A 4C"
The process %original file name%.exe:2924 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A9 D4 B8 EF 12 F2 33 EE F1 4B E9 89 50 5B 41 30"
The process %original file name%.exe:456 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "08 E0 3E 59 32 A0 92 23 10 A7 65 C8 FF 9F A2 B5"
The process %original file name%.exe:332 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "79 35 06 AF EF 53 D7 26 CB 08 DE 20 F8 A6 E9 F3"
The process %original file name%.exe:3604 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "88 B8 00 40 4F 31 3A A5 EA 44 DE E2 E9 98 0B 9B"
The process %original file name%.exe:3124 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "86 C2 D0 4B 76 41 94 67 03 17 D0 38 10 70 2D 25"
The process %original file name%.exe:2196 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "78 2E 51 60 4D A8 51 D2 18 D0 78 05 C7 19 7A A8"
The process %original file name%.exe:3008 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "28 0E EA F8 03 95 8B 8D 79 74 C2 C8 C9 7D 10 E1"
The process %original file name%.exe:1900 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "72 E3 C9 DB C3 30 02 A9 73 74 C8 78 7B 4B E7 28"
The process %original file name%.exe:2472 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D7 18 2D E8 D2 F8 79 B0 8B 90 82 13 81 A4 36 C9"
The process %original file name%.exe:2200 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "96 97 1B EE 04 6F 90 8C 67 A7 33 95 EA 76 3E C1"
The process %original file name%.exe:2568 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "16 12 D9 A3 87 D0 12 A9 53 7B 37 7D C6 05 82 A5"
The process %original file name%.exe:3216 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "17 8B F3 16 31 34 0F 69 C1 36 B3 8E C6 95 01 1A"
The process %original file name%.exe:2052 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "09 F6 E2 C2 95 EF 7B 4D D3 BF 9E F1 03 80 0C 7D"
The process %original file name%.exe:4064 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "02 B1 CA 52 7D F5 0B BD 08 47 B6 9B 8A E9 6B 0E"
The process %original file name%.exe:2056 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "84 3C 37 BA D5 EA 0A EC 3D C1 08 6E 54 25 98 BC"
The process %original file name%.exe:3512 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7C B9 BB A4 45 17 9F FB 3E 89 3F C1 EF 59 EF F5"
The process %original file name%.exe:3692 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "14 B6 1C 3E D1 BE 37 34 84 BF D2 46 BB A4 7D 86"
The process %original file name%.exe:1584 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9B AC D9 B8 1F 96 81 C6 D4 45 AC 10 65 03 36 78"
The process %original file name%.exe:656 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7D 1B 94 75 2F 3A 75 A8 87 7C D4 FF 65 09 CF 0A"
The process %original file name%.exe:652 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3B 33 BD B3 45 C0 CA 7D 7A 24 4B A1 AC AF 4E 99"
The process %original file name%.exe:2368 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "33 B4 B5 00 76 53 00 74 8D 79 F6 D9 DA 36 8C AD"
The process %original file name%.exe:2684 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9C E9 EA 30 19 5C 49 A6 05 C9 AA 40 ED 54 39 BE"
The process %original file name%.exe:3084 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6C 92 F0 06 C4 EA 21 17 12 AD DA E1 D3 B1 C7 E3"
The process %original file name%.exe:2112 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "61 A0 78 6E FE 54 5D 0F EE 87 AA 45 98 FE DA 62"
The process %original file name%.exe:2364 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "98 92 09 F6 D1 53 64 DB F1 14 90 5C 3B AD 87 17"
The process %original file name%.exe:3896 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "76 D3 D7 0C 34 86 FC 4C 3C 9F D1 21 78 F3 E9 00"
The process %original file name%.exe:3080 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2E 3C F0 6F B2 B4 33 93 11 CF 76 91 2E 24 CC 7C"
The process %original file name%.exe:2116 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3F 38 A0 DE DC FF FD 43 2F 90 C2 89 D4 D6 23 70"
The process %original file name%.exe:1212 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1F DE 18 6D E6 95 5D 67 C3 A4 29 91 26 A1 9E C6"
The process %original file name%.exe:2584 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "69 49 78 D2 4B DC 7D 40 BE F3 3F 4B AE 5D F5 57"
The process %original file name%.exe:2580 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "55 5B 97 23 E1 E7 7F DD 52 AA 1F 5A 41 91 A1 F4"
The process %original file name%.exe:2628 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EB 86 3C AC 2D 3E 4B CF 4C A2 45 C6 FC 4D D6 71"
The process %original file name%.exe:3608 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A5 00 72 26 93 70 C3 ED D2 77 CC 78 AC A6 E1 3A"
The process %original file name%.exe:3072 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F2 0B A8 C2 43 2D CA 8A 8C B1 DB 58 B7 D9 CC 91"
The process %original file name%.exe:2180 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "66 72 75 46 33 1A EA 8C D7 C4 52 5E 8A 67 6C 43"
The process %original file name%.exe:3728 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F4 0B B0 32 86 4F 2B D0 13 D6 65 54 71 CD B4 30"
The process %original file name%.exe:3112 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "48 46 D1 0E 7A B1 EB 0B 5D 2F 8E 91 72 58 BA 7F"
The process %original file name%.exe:3528 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1A 57 1F 64 9B 4C 5A B0 1B 95 26 99 E3 84 54 13"
The process %original file name%.exe:3884 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "19 DA B5 55 4E EC 1D F7 12 94 4A EB 1E 2E 87 00"
The process %original file name%.exe:2896 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C7 DE A2 8A 59 27 15 AB AE 1D C5 D4 1A BC 12 B7"
The process %original file name%.exe:2892 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A1 A7 47 A2 F3 AE 1D D9 6D 7F 41 80 5C 2E 17 A7"
The process %original file name%.exe:3212 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "09 F4 0B CC 81 09 39 C2 98 3E 9B B3 15 51 FE 6B"
The process %original file name%.exe:2516 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "30 4A 5C 91 E1 0D 85 12 FE 14 DC 37 69 E9 C7 89"
The process %original file name%.exe:2080 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "51 5B B5 B4 87 7F 7B 23 DB 84 F6 FF FA A1 7B 53"
The process %original file name%.exe:4080 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "63 A8 61 B6 46 0F E5 17 4E 95 A5 CF 9C 2A B4 60"
The process %original file name%.exe:2736 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "44 5B 59 53 83 5B AD 71 F4 81 BE EE D6 E0 B2 53"
The process %original file name%.exe:3864 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BC FC 20 E3 27 6F A4 96 ED DB EE C1 27 4B E9 A3"
The process %original file name%.exe:1928 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0A E4 8A C9 E3 1A 99 59 82 88 64 B1 A6 90 30 EF"
The process %original file name%.exe:2948 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B7 AF 73 F5 8D B0 07 69 0D D7 5D 86 9D FB 95 15"
The process %original file name%.exe:232 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "35 41 1D 3D 96 64 C0 F3 86 0B B4 32 D4 5C 60 BA"
The process %original file name%.exe:2136 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C2 54 B1 57 7E 33 24 9F 46 57 86 4E C2 E8 F4 CC"
The process %original file name%.exe:3348 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5B 92 2A 25 2C 46 7D 7B 0D CA C1 AE FB 08 7D 38"
The process %original file name%.exe:2132 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F6 1A 1B 09 42 A2 FA B8 9C 54 FC C4 0B 25 DA 4B"
The process %original file name%.exe:3100 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F6 8E BE FF 47 3B 86 F7 07 3D 16 91 FB 33 8B 60"
The process %original file name%.exe:1612 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8A 7A F1 97 D3 25 74 8B B0 20 D7 14 EB AB 3F 13"
The process %original file name%.exe:3184 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A9 6E 49 AE EF 66 9E C7 4A 08 60 F5 A5 2B 68 63"
The process %original file name%.exe:320 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7B C2 8C 98 7D 99 2D E4 D4 CE 73 37 FF 92 0C CA"
The process %original file name%.exe:2508 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A1 C5 43 C3 66 D5 B0 5D B8 01 9B 31 8F 4B CC C6"
The process %original file name%.exe:2748 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FB B5 56 48 98 0B C2 1C 0C 28 F7 B7 29 C8 F1 D6"
The process %original file name%.exe:3872 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A0 3B 9E 1B 36 D2 4F C2 D7 99 98 D7 A5 2A 83 51"
The process %original file name%.exe:2500 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "20 13 53 A0 06 B8 80 BE FE 51 12 EE B0 B6 52 D4"
The process %original file name%.exe:3916 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D2 62 D7 6D D4 6F FA C4 51 BF D8 7A C0 B1 B4 82"
The process %original file name%.exe:204 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4F 4A EA 6F 71 F4 86 B4 44 E1 E0 83 DF A3 AF 22"
The process %original file name%.exe:2640 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "03 1D 26 54 47 AA 34 F8 3E 38 B9 DA 35 23 51 FB"
The process %original file name%.exe:3476 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EC 6E 81 45 1B C2 2C 1F F7 56 62 EA 53 83 6B E9"
The process %original file name%.exe:3052 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AD AA FD AE B7 8F 9F 3B 80 05 3C 96 F2 B9 02 FF"
The process %original file name%.exe:3704 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C3 0B 7C E3 B3 AA 0B 11 DB 52 C9 6E 67 CD F8 AF"
The process %original file name%.exe:3780 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AA 02 CA CB 2C C7 B7 53 F5 72 FE 41 39 31 E3 69"
The process %original file name%.exe:1804 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "00 7F 5B 81 9F 5A 7B F5 83 91 FB 87 93 A5 F7 7F"
The process %original file name%.exe:3788 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7E 8C EA 40 51 C2 B8 08 D6 CE 10 29 C3 F2 41 C1"
The process %original file name%.exe:3524 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "02 B9 1E A9 2D 82 03 41 A9 20 A4 60 45 78 E6 FD"
The process %original file name%.exe:3424 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "53 C6 A1 6C E5 4A 67 CA FC B5 58 00 BB D8 DD 91"
The process %original file name%.exe:472 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "50 75 A2 9B EA 0B 5A 90 E3 40 31 69 01 01 7B 78"
The process %original file name%.exe:3196 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "84 7C 87 34 7F 8F 8B 91 82 CC 0E D4 E8 02 35 5E"
The process %original file name%.exe:808 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AB 03 02 32 DC 46 AD 06 FA EA F9 4C 18 3B F4 70"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"fGAwoYMM.exe" = "%Documents and Settings%\%current user%\dUskcAww\fGAwoYMM.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NesIMIQs.exe" = "%Documents and Settings%\All Users\hcYYccwo\NesIMIQs.exe"
The process NesIMIQs.exe:1208 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5B 01 2B 56 28 94 D9 72 EA 33 6C 32 4D 59 59 75"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NesIMIQs.exe" = "%Documents and Settings%\All Users\hcYYccwo\NesIMIQs.exe"
Dropped PE files
| MD5 | File path |
|---|---|
| b888c4f82fbe5eb166c6bb648eeb4b4a | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp.exe |
| 36b2caf985baaf86c608b6afee5bb89b | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp.exe |
| af3db351202adfa753faad12a9c23a84 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp.exe |
| ae77a191b20333cfd06ec89c3d8219f4 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp.exe |
| efdcd3be9797a054fb9be862750a80a5 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp.exe |
| 3d5ab9a307c54fac4d2d254f51aa4577 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp.exe |
| 0e4521ec960d2f69057f6633807f4a9e | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp.exe |
| a981fc41577f0b7ac2569c198a6abefc | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp.exe |
| e8042a314146cd304c6799568a5a1161 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp.exe |
| 715626b77e85754953f5b1b96e5a6e84 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp.exe |
| b0a732f5fb5b058e978f292e18165153 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp.exe |
| 475b89d5f951ef9cd271a210bd43c38d | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp.exe |
| bfa2583c7dc53f850f2113ce499963de | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp.exe |
| c7d8fe4c067809dd7c77f532307cbb53 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp.exe |
| f0875297858fb1100312b95422ba8c7d | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp.exe |
| 6b3c0579fda5c4348067d60407c83b06 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp.exe |
| 7b8791bce84489066f91877c6a859fa9 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp.exe |
| dfe0566dc924bf58fae26bdd979014bb | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp.exe |
| aeb6f6033583722360a97703fb143273 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp.exe |
| 730f1b0a316142c390c8d88a467b6c67 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp.exe |
| 7eae90d79c451e0546cd1dbc31482563 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp.exe |
| 9b4c2c8e3eaca2754a8a401b95cc2864 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp.exe |
| d602f64e1e964c7639047895e5e72aa0 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp.exe |
| 68787dc74968a75e9a33ac27003e4aac | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\adm.bmp.exe |
| f415fd125eb289b87b3f4f1b5952834a | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\guest.bmp.exe |
| 3b565c22420f87c8e259ec0bbd9f58f1 | c:\Documents and Settings\All Users\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.exe |
| 696a7dc3614119668b427a6247424e28 | c:\Documents and Settings\All Users\Documents\My Music\Sample Music\New Stories (Highway Blues).wma.exe |
| 3fee9d86213800fc39cc2da7557abf29 | c:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Blue hills.jpg.exe |
| c413e3902574575c45929e135236ada1 | c:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Sunset.jpg.exe |
| 0aee605af5e3c45e966a778db7dbaded | c:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Water lilies.jpg.exe |
| a404531bf7f0f9adc2583d202cce1fee | c:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Winter.jpg.exe |
| 4f537cc7e2088332c5d49f5756ef4979 | c:\Documents and Settings\All Users\JuwEIgUE\reIEcoQI.exe |
| 82f63d5baac4ec2229de90d15c0d2028 | c:\Documents and Settings\All Users\hcYYccwo\NesIMIQs.exe |
| 00772971d0196a037cd5dbfed2a03d31 | c:\Documents and Settings\"%CurrentUserName%"\dUskcAww\fGAwoYMM.exe |
| ab17617f019127a9023859e543ea0784 | c:\Perl\eg\IEExamples\ie_animated.gif.exe |
| 40a3dcf8ba91958565fb3653e84b78bf | c:\Perl\eg\IEExamples\psbwlogo.gif.exe |
| 74a8635d520b1fdab8f42aa1eefaf75f | c:\Perl\eg\aspSamples\ASbanner.gif.exe |
| 31f830f2216c45b22710ad120c4159d2 | c:\Perl\eg\aspSamples\Main_Banner.gif.exe |
| 789012f09a4bd8f3e7df44d4fcf71434 | c:\Perl\eg\aspSamples\psbwlogo.gif.exe |
| 4f92808ce364150241eab2731d572ec5 | c:\Perl\html\images\AS_logo.gif.exe |
| c720ab0b1041ec1010c7a882871b2d45 | c:\Perl\html\images\PerlCritic_run.png.exe |
| 2b71262fda32e9ae0bc8106ea10751e4 | c:\Perl\html\images\aslogo.gif.exe |
| eb4ba078a75c1b9b7c0b7c45b0246f5e | c:\Perl\html\images\ppm_gui.png.exe |
| c17a578db75f7104778d4f155f3cc153 | c:\Perl\lib\ActivePerl\PPM\images\gecko.png.exe |
| 17a791fbf97b060aea031ec5ad24261b | c:\Perl\lib\ActivePerl\PPM\images\perl_48x48.png.exe |
| aaf33ba5067d9afaf69b8d7d1e82923b | c:\Perl\lib\Devel\NYTProf\js\asc.png.exe |
| be430a456191eb9b0b0f93983133a50b | c:\Perl\lib\Devel\NYTProf\js\bg.png.exe |
| 3239a88443bd4bde572cf5ef0936e7c9 | c:\Perl\lib\Devel\NYTProf\js\desc.png.exe |
| 56cb725230bd65772bc94aeba8040fe2 | c:\Perl\lib\Devel\NYTProf\js\jit\gradient.png.exe |
| 2381856a7b06233cb8944086d0145887 | c:\Perl\lib\Devel\NYTProf\js\jit\gradient20.png.exe |
| 29dba66b70e5a13b6dcf671cb98d55a4 | c:\Perl\lib\Devel\NYTProf\js\jit\gradient30.png.exe |
| db81c3b085e4a7d91324bf640832c6e3 | c:\Perl\lib\Devel\NYTProf\js\jit\gradient40.png.exe |
| 7bf599d3ac4f10f6a140feec11cdf6fb | c:\Perl\lib\Devel\NYTProf\js\jit\gradient50.png.exe |
| df5e4546183404c5981aff8e8a619bda | c:\Perl\lib\Mozilla\CA\cacert.pem.exe |
| 84196bd328722963e4e010ed3cb3bb4a | c:\totalcmd\TCMADMIN.EXE.exe |
| 3033330d803468719d49b0c198a606fa | c:\totalcmd\TCMDX32.EXE.exe |
| c797d0ee32ff39ebaca498e3532cbee5 | c:\totalcmd\TCUNINST.EXE.exe |
| e2fb0b76b4200328d2f2fb6be8c67167 | c:\totalcmd\TOTALCMD.EXE.exe |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
VersionInfo
No information is available.
PE Sections
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
|---|---|---|---|---|---|
| .text | 4096 | 917504 | 914944 | 4.87874 | 5dd92d89f6f808435848c466c8ef74a5 |
| .rdata | 921600 | 4096 | 512 | 2.29846 | a25ed7cb967654b35089f5afa895981a |
| .data | 925696 | 178 | 512 | 2.36376 | 5eafb0639db8f96905550ce2731a746f |
| .rsrc | 929792 | 6940 | 7168 | 3.99048 | 52ab1542675adefc4a64b7c31b54c073 |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
URLs
| URL | IP |
|---|---|
| hxxp://google.com/ |  173.194.113.201 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
Web Traffic was not found.
The Trojan connects to the servers at the folowing location(s):
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
cscript.exe:2712
cscript.exe:2964
cscript.exe:3576
cscript.exe:212
cscript.exe:3712
cscript.exe:2844
cscript.exe:1308
cscript.exe:2096
cscript.exe:2092
cscript.exe:3652
cscript.exe:2524
cscript.exe:3172
cscript.exe:3856
cscript.exe:2404
cscript.exe:3852
cscript.exe:2400
cscript.exe:1676
cscript.exe:2464
cscript.exe:1316
cscript.exe:3884
cscript.exe:1920
cscript.exe:3936
cscript.exe:1796
cscript.exe:3332
cscript.exe:1496
cscript.exe:264
cscript.exe:3408
cscript.exe:3756
cscript.exe:3248
cscript.exe:2556
cscript.exe:2492
cscript.exe:3032
cscript.exe:3244
cscript.exe:2416
cscript.exe:2060
cscript.exe:2256
cscript.exe:2148
cscript.exe:3772
cscript.exe:3776
cscript.exe:1324
cscript.exe:3628
cscript.exe:2908
cscript.exe:3828
cscript.exe:332
cscript.exe:3272
cscript.exe:2824
cscript.exe:3676
cscript.exe:4044
cscript.exe:1712
cscript.exe:2780
cscript.exe:2544
cscript.exe:2300
cscript.exe:2980
cscript.exe:2304
cscript.exe:2268
cscript.exe:2388
cscript.exe:364
cscript.exe:2076
cscript.exe:2288
cscript.exe:3664
cscript.exe:2444
cscript.exe:3952
cscript.exe:2932
cscript.exe:3956
cscript.exe:3152
cscript.exe:3456
cscript.exe:3312
cscript.exe:2832
cscript.exe:3316
cscript.exe:2452
cscript.exe:4056
cscript.exe:2044
cscript.exe:3464
cscript.exe:3212
cscript.exe:3396
cscript.exe:3012
cscript.exe:3504
cscript.exe:1240
cscript.exe:2168
cscript.exe:3512
cscript.exe:432
cscript.exe:2616
cscript.exe:3612
cscript.exe:2612
cscript.exe:624
cscript.exe:3804
cscript.exe:2296
cscript.exe:1228
cscript.exe:3004
cscript.exe:2808
cscript.exe:3268
cscript.exe:252
cscript.exe:4084
cscript.exe:172
cscript.exe:1632
cscript.exe:2204
cscript.exe:1980
cscript.exe:2056
cscript.exe:2560
cscript.exe:2564
cscript.exe:3088
cscript.exe:2368
cscript.exe:2112
cscript.exe:3080
cscript.exe:2360
cscript.exe:2428
cscript.exe:3860
cscript.exe:2152
cscript.exe:636
cscript.exe:564
cscript.exe:2180
cscript.exe:2184
cscript.exe:3724
cscript.exe:3284
cscript.exe:160
cscript.exe:3280
cscript.exe:2212
cscript.exe:3448
cscript.exe:3376
cscript.exe:3964
cscript.exe:2752
cscript.exe:2352
cscript.exe:2100
cscript.exe:2692
cscript.exe:3968
cscript.exe:2104
cscript.exe:2864
cscript.exe:2732
cscript.exe:2868
cscript.exe:2572
cscript.exe:2636
cscript.exe:3632
cscript.exe:1288
cscript.exe:3148
cscript.exe:2816
cscript.exe:2948
cscript.exe:2940
cscript.exe:2136
cscript.exe:3108
cscript.exe:876
cscript.exe:2224
cscript.exe:2740
cscript.exe:1752
cscript.exe:644
cscript.exe:4092
cscript.exe:2872
cscript.exe:2724
cscript.exe:3912
cscript.exe:3708
cscript.exe:3544
cscript.exe:2332
cscript.exe:3540
cscript.exe:1280
cscript.exe:2232
cscript.exe:3220
cscript.exe:3104
cscript.exe:2000
cscript.exe:476
cscript.exe:2532
%original file name%.exe:2964
%original file name%.exe:3712
%original file name%.exe:2652
%original file name%.exe:2844
%original file name%.exe:1260
%original file name%.exe:2280
%original file name%.exe:2968
%original file name%.exe:2840
%original file name%.exe:3320
%original file name%.exe:4024
%original file name%.exe:2096
%original file name%.exe:4020
%original file name%.exe:2092
%original file name%.exe:3656
%original file name%.exe:3044
%original file name%.exe:3652
%original file name%.exe:3556
%original file name%.exe:1948
%original file name%.exe:2320
%original file name%.exe:2592
%original file name%.exe:1940
%original file name%.exe:2480
%original file name%.exe:2400
%original file name%.exe:3804
%original file name%.exe:2244
%original file name%.exe:2240
%original file name%.exe:816
%original file name%.exe:3836
%original file name%.exe:336
%original file name%.exe:3764
%original file name%.exe:3768
%original file name%.exe:3492
%original file name%.exe:2656
%original file name%.exe:1956
%original file name%.exe:4036
%original file name%.exe:3408
%original file name%.exe:3672
%original file name%.exe:2452
%original file name%.exe:3640
%original file name%.exe:2552
%original file name%.exe:1060
%original file name%.exe:2992
%original file name%.exe:3240
%original file name%.exe:2396
%original file name%.exe:2412
%original file name%.exe:532
%original file name%.exe:296
%original file name%.exe:3848
%original file name%.exe:1380
%original file name%.exe:2252
%original file name%.exe:1908
%original file name%.exe:196
%original file name%.exe:3944
%original file name%.exe:1924
%original file name%.exe:3148
%original file name%.exe:2068
%original file name%.exe:3384
%original file name%.exe:628
%original file name%.exe:2300
%original file name%.exe:4048
%original file name%.exe:2380
%original file name%.exe:1652
%original file name%.exe:2072
%original file name%.exe:2668
%original file name%.exe:308
%original file name%.exe:2440
%original file name%.exe:2768
%original file name%.exe:3816
%original file name%.exe:2936
%original file name%.exe:1336
%original file name%.exe:2284
%original file name%.exe:1632
%original file name%.exe:2884
%original file name%.exe:3264
%original file name%.exe:2256
%original file name%.exe:3552
%original file name%.exe:4056
%original file name%.exe:3464
%original file name%.exe:1636
%original file name%.exe:3460
%original file name%.exe:3500
%original file name%.exe:2572
%original file name%.exe:1648
%original file name%.exe:1240
%original file name%.exe:2676
%original file name%.exe:436
%original file name%.exe:3220
%original file name%.exe:2372
%original file name%.exe:2616
%original file name%.exe:3596
%original file name%.exe:3616
%original file name%.exe:3232
%original file name%.exe:2920
%original file name%.exe:2456
%original file name%.exe:2924
%original file name%.exe:456
%original file name%.exe:332
%original file name%.exe:3604
%original file name%.exe:3124
%original file name%.exe:2196
%original file name%.exe:3008
%original file name%.exe:1900
%original file name%.exe:2472
%original file name%.exe:2200
%original file name%.exe:2568
%original file name%.exe:3216
%original file name%.exe:2052
%original file name%.exe:4064
%original file name%.exe:2056
%original file name%.exe:3512
%original file name%.exe:3692
%original file name%.exe:1584
%original file name%.exe:656
%original file name%.exe:652
%original file name%.exe:2368
%original file name%.exe:2684
%original file name%.exe:3084
%original file name%.exe:2112
%original file name%.exe:2364
%original file name%.exe:3896
%original file name%.exe:3080
%original file name%.exe:2116
%original file name%.exe:1212
%original file name%.exe:2584
%original file name%.exe:2580
%original file name%.exe:2628
%original file name%.exe:3608
%original file name%.exe:3072
%original file name%.exe:2180
%original file name%.exe:3728
%original file name%.exe:3112
%original file name%.exe:3528
%original file name%.exe:3884
%original file name%.exe:2896
%original file name%.exe:2892
%original file name%.exe:3212
%original file name%.exe:2516
%original file name%.exe:2080
%original file name%.exe:4080
%original file name%.exe:2736
%original file name%.exe:3864
%original file name%.exe:1928
%original file name%.exe:2948
%original file name%.exe:232
%original file name%.exe:2136
%original file name%.exe:3348
%original file name%.exe:2132
%original file name%.exe:3100
%original file name%.exe:1612
%original file name%.exe:3184
%original file name%.exe:320
%original file name%.exe:2508
%original file name%.exe:2748
%original file name%.exe:3872
%original file name%.exe:2500
%original file name%.exe:3916
%original file name%.exe:204
%original file name%.exe:2640
%original file name%.exe:3476
%original file name%.exe:3052
%original file name%.exe:3704
%original file name%.exe:3780
%original file name%.exe:1804
%original file name%.exe:3788
%original file name%.exe:3524
%original file name%.exe:3424
%original file name%.exe:472
%original file name%.exe:3196
%original file name%.exe:808 - Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
%Documents and Settings%\%current user%\Local Settings\Temp\ucMsUAgo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qukEcMok.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BMksEAcY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nwIkMcYg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HGAUksMo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\cKQIUIUE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IkEUEMQM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rioUMEoU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\oIMwwgwM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZKkMQwUY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IaoUEMgY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ogEMksUU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aEUosYEQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PQIEggEY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SEEIYwgk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dSEAIgYc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\vQYoMwoY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UYYYIYEA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\EYgAYcMY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kKIkAkQM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mUEEYEoE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LCAgQYYs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mQwYAQYs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\doQksAII.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FOsAsYok.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\zAscUIMM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RYcsAAsQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nIcEYcMU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DQwYIcQM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\yOkskYAA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GqEYwAQE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TUsgEowQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\EaYkQIEM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\YOAssYUs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\oEMgMAgg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mYAoscMA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\NqwAYMAw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JYoEsQYQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rOsQEEYw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LCAgIIEc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\YcUcMUYY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\naMQoUwA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\vMokUgcw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tscEYQoQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\sSgsAcos.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dOAcAgQM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZuoAIYMI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GGAogAwU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mGAYAooA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\acAYkUAU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\sgQkkEYE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UwcocYAM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PsQQgEks.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ACIEgcQA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KqAgYUYY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\yyIAsYYA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HmAUogIE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\jeokcEgw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VwMYgMYc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HGkMYUoM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\cAQoYcMQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gOgIQkkw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kGEYEQIo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UOwUkQgs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qkIQcooc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BAEwgQIc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\oOkogEgk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JYssgwcI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\EoYUUAYI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VYQgEsAs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JywEokow.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\OaAsQsoU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\iuEkMcwk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bCQsQAYQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZOwEMcoA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pSQYYAIc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fCocgooY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gIMkIYUY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZeMQEAko.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kIkoMkUU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MowkcEcI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GoQIookk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LaswEYMc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\uickkkcQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GmEEYgQo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\oeUkUUYE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bGQQIcwM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\jeMYMYQc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\NYgMUMEM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IsggMMwM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UUcAoAYg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\cmUMQcsw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GsEMQAwM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xsQscAkc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZukEsAIs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rQksgwIU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aoscQUEM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\oKMkgwQQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BCwIYIsA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XsIQoQYk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bQEYQkUI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\AAgskYkI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xokokIkI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KakYEkYc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ROQMgkoE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VQMwEsow.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IMkQIMMM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nesYAIUc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZGYAIMQY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\jYEcIAMU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TQgEwsEQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KqssMAgk.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\jQckIcoQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dqgUkogU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FYgUooYA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\goEIQQQQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\AEUYkogM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RQocoIAI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\poAsoksQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dWIAgsww.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LqYMwQAk.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SmIAIEAw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LsUMoIAc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\AqUsAggo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kSMgMkcE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\YMAYUEgo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CuckIkoI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WCQMIsMs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\sWAMQYgU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\AgcYEgYw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\wIkIIQwA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SigQMIwc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lSAogUoA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tkAggsgo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LGkAgAUM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\oEIgQQMQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bGUsUcks.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\wUkAIkoU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\peoIIEkc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QyAwosIU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GywYksME.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fyAkUAIg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JKckQUUI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\hWwoAAUM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CkMswcAA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\uMYsYQYg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LCAMYAoQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\COowEQUI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tOMEoAQE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VMccwoEU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\jYcUgYkQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tckUUUIY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CggMEsEY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\yaEEwIwg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kGIEkIQI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UqsMAMkA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\yooMMkQY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ymMMYcwM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RkAokEEg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QegwskMs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UUoEYoIo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bgAQQMsQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lIUAAEgM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PsYcYYow.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FmMcwYkM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CyEcIsYc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XmMwMckQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\zWgwYoAk.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\sagIIgcc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\zqQcsMMA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsIIMsYk.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GKsIEgkg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UmsMYEYg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FugwQUMM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MeoQAggY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\zicokgcE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nqkEQsUA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UAYIIQIY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KWoQUQMY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\AOscQUYc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LyowocII.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MsgMoMoI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MkwIEcgk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nCoEsYcY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rEgIoYAg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IwYQUQgU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BQYYAAkc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RmscUoQo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dgQEocQY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GQIsEEoI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gsYMowUU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dcgcQosA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xQsYIocM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rAIQQMwE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PoMokkss.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bOAgQUwE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xqMkYEAo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\oqMgQMYE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lygMYQss.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rCswwQgg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JcgIsAUM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\okEwUgMY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dMsMAAIY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WakEwkkM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JAoEUEUI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gscEYoUw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SwQkYAMA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\wEEMsMIU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RkUEogQg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JwEMAwco.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ROMMAIoI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TmoIIYok.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mQUEYMcQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JaQQQAUg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\sucwMAok.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xwwUMgMw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pUYYkYMg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mwoUUQok.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TAIoQQMs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nKgcQAgs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KwkcwkoA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\NuEoAYIA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LiksMkkI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\msIkoIEM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gIEEwoQE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\zMEAIQIE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DowAgooQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qsAkwswk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\iQEswoAc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\eucYQock.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\eqQQEEQs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qUcMAsUg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JyAMwsEw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MsIEkMkM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tAYQUwMA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ccEkEEIw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xeIgsoEg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VmUgkwsg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SyYUAwsE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KgsosYQM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ywUQsIwY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\eSEwMgQc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\EuQQIcMA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kCgkEQgo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\heUoIEMk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QwwwMgss.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rUYMokkk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gGsEIggU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VYoIogoU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WEAkYoEU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fgwgwwgI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Lmcwkowg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZOQsMMwo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KCMAUYUs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CoAkEcgQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MAsoEEAw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qeUMUMUI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UMMooEwQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GWggkcYE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GAoAIcQU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kiAsIwww.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SiYkUsUM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mYgkoUkA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IKAYogsg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\zqowMQkY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\OOgIsYcA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qogIYEYE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\EOkMQIQI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\sAAgQUAo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aoUwQwMI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HAEoAQcQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\sIwMEwsQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gEsEQUEU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xCcwgIgM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\YogUMkcs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UQoMgwYU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tkYEAMYU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\oAwEQocY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\NuckEQcU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LAEEokEw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JQAAswsI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\jAkskQsU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FsUQIIUc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qsEAYgEQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UwkksUAs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\AmIIcYgg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\iGAYgAwE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\AWMQgkMw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\AGgEYMks.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fyEksIsU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XsEIUwQs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IAwAkgcM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qKIEsQkY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\NWcAYsQY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HsQQYoEE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gywYwQsY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\hSEAEoEA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\AeMYgEEM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ACgYcooA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MgAUYocw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lgAcssco.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xGcUkAks.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BGwIkscM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qUoYkssU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\iWQQcgMY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GcwkIAMA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RQEgQIQs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lIMkcEAk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\oywIwYow.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SGcQwAQk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HEkYoUsU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KUIQEgMQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fgcYgEEY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\OmMUgkME.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xoUUIEMc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\iSAskYwk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\vAkQgIoE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SWUwUAAU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aaAwAEAQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\huMwssgc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PosYcAUc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\EUscEYYM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SMcYMUcA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\OesMsIQw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WQIcskQw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\cAkMUoYw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QekMQcsI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qOwIAoEc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QIowwkoc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ikMIsMEM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QeYwgAMg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UCEMkQQM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\auEoAEEY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gKgYckcs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\liAYUMMY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WukUIMQw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nMwooAwg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dOAgcUIg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\coswwkcw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tuEwAsso.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tkkEwMgs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ncQUcoIY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\iigwMMAk.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IOsYsoEU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\liUYEgsM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WUMgwIUA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LMYwcUso.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VaEUkMwU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nmAUYcQI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\YUkoAIYI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\zMIUskgI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lcgwkcog.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\zuYcYYIE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QAEAkwQE.bat (112 bytes)
%Documents and Settings%\All Users\JuwEIgUE\reIEcoQI.exe (3825 bytes)
%Documents and Settings%\%current user%\dUskcAww\fGAwoYMM.exe (4137 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LsUoEUQc.bat (4 bytes)
%Documents and Settings%\All Users\hcYYccwo\NesIMIQs.exe (3921 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Documents\My Music\Sample Music\New Stories (Highway Blues).wma.exe (7726 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\adm.bmp.exe (2321 bytes)
C:\totalcmd\TOTALCMD.EXE.exe (30812 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Sunset.jpg.exe (3073 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\guest.bmp.exe (2321 bytes)
C:\totalcmd\TCMADMIN.EXE.exe (3073 bytes)
C:\totalcmd\TcUsbRun.exe (3073 bytes)
C:\totalcmd\TCUNINST.EXE.exe (3073 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\KAAo.txt (55978 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.exe (7433 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Blue hills.jpg.exe (3073 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Water lilies.jpg.exe (3361 bytes)
C:\totalcmd\TCMDX32.EXE.exe (3361 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Winter.jpg.exe (3361 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Adobe\Reader 9.3\Setup Files\Setup.exe (5441 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp.exe (2321 bytes) - Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"fGAwoYMM.exe" = "%Documents and Settings%\%current user%\dUskcAww\fGAwoYMM.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NesIMIQs.exe" = "%Documents and Settings%\All Users\hcYYccwo\NesIMIQs.exe" - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
*Manual removal may cause unexpected system behaviour and should be performed at your own risk.
