Gen:Variant.Kazy.535458 (B) (Emsisoft), Gen:Variant.Kazy.535458 (AdAware), ZeroAccess.YR (Lavasoft MAS)Behaviour: Malware
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: d4a55cc7b461baa492d09def48760fb6
SHA1: 9e299ead1493fd92c710ac91f6749976d29b01a0
SHA256: 2c790a7829b5f3c3f27ed9d4daba7562c0889eef1303fb9c568d7af6b5f497eb
SSDeep: 12288:LTV JiEdghdusjrGSPl8xkXCb3GgiQvdvUEuXK8awp9st5IQxq2M:Pxpjr/DXQiQdUEcX2hM
Size: 625664 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2015-01-06 02:36:08
Analyzed on: WindowsXP SP3 32-bit
Summary: Malware. Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems.
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Malware creates the following process(es):
%original file name%.exe:3076
%original file name%.exe:3928
%original file name%.exe:2184
%original file name%.exe:2656
%original file name%.exe:2840
%original file name%.exe:4024
%original file name%.exe:4092
%original file name%.exe:2320
%original file name%.exe:3552
%original file name%.exe:2484
%original file name%.exe:2480
%original file name%.exe:3792
%original file name%.exe:2120
%original file name%.exe:3852
%original file name%.exe:2400
%original file name%.exe:3996
%original file name%.exe:548
%original file name%.exe:1916
%original file name%.exe:348
%original file name%.exe:1460
%original file name%.exe:1672
%original file name%.exe:2912
%original file name%.exe:1792
%original file name%.exe:1796
%original file name%.exe:3644
%original file name%.exe:1068
%original file name%.exe:3564
%original file name%.exe:1824
%original file name%.exe:3568
%original file name%.exe:2996
%original file name%.exe:2496
%original file name%.exe:928
%original file name%.exe:2412
%original file name%.exe:2392
%original file name%.exe:828
%original file name%.exe:2256
%original file name%.exe:2796
%original file name%.exe:2252
%original file name%.exe:3772
%original file name%.exe:2900
%original file name%.exe:2472
%original file name%.exe:3628
%original file name%.exe:2772
%original file name%.exe:2776
%original file name%.exe:3140
%original file name%.exe:3272
%original file name%.exe:3148
%original file name%.exe:2308
%original file name%.exe:2540
%original file name%.exe:1716
%original file name%.exe:2980
%original file name%.exe:4048
%original file name%.exe:3388
%original file name%.exe:2176
%original file name%.exe:3160
%original file name%.exe:2076
%original file name%.exe:3580
%original file name%.exe:3956
%original file name%.exe:304
%original file name%.exe:3216
%original file name%.exe:2764
%original file name%.exe:380
%original file name%.exe:1932
%original file name%.exe:1776
%original file name%.exe:240
%original file name%.exe:388
%original file name%.exe:2836
%original file name%.exe:3508
%original file name%.exe:2276
%original file name%.exe:244
%original file name%.exe:2576
%original file name%.exe:1840
%original file name%.exe:3016
%original file name%.exe:2992
%original file name%.exe:3096
%original file name%.exe:644
%original file name%.exe:2676
%original file name%.exe:3188
%original file name%.exe:2372
%original file name%.exe:1224
%original file name%.exe:3124
%original file name%.exe:1228
%original file name%.exe:3696
%original file name%.exe:2800
%original file name%.exe:1900
%original file name%.exe:2880
%original file name%.exe:3368
%original file name%.exe:1980
%original file name%.exe:3692
%original file name%.exe:3360
%original file name%.exe:1988
%original file name%.exe:3088
%original file name%.exe:1032
%original file name%.exe:3084
%original file name%.exe:2360
%original file name%.exe:3600
%original file name%.exe:2152
%original file name%.exe:636
%original file name%.exe:2580
%original file name%.exe:2420
%original file name%.exe:464
%original file name%.exe:3892
%original file name%.exe:1596
%original file name%.exe:3520
%original file name%.exe:3288
%original file name%.exe:2188
%original file name%.exe:3280
%original file name%.exe:220
%original file name%.exe:3688
%original file name%.exe:3444
%original file name%.exe:3680
%original file name%.exe:1028
%original file name%.exe:2892
%original file name%.exe:3964
%original file name%.exe:3532
%original file name%.exe:816
%original file name%.exe:1452
%original file name%.exe:3116
%original file name%.exe:2100
%original file name%.exe:2692
%original file name%.exe:1108
%original file name%.exe:4080
%original file name%.exe:2736
%original file name%.exe:3868
%original file name%.exe:2868
%original file name%.exe:3632
%original file name%.exe:2436
%original file name%.exe:3460
%original file name%.exe:2816
%original file name%.exe:2948
%original file name%.exe:3068
%original file name%.exe:1052
%original file name%.exe:2944
%original file name%.exe:2340
%original file name%.exe:2228
%original file name%.exe:3196
%original file name%.exe:3432
%original file name%.exe:4004
%original file name%.exe:2348
%original file name%.exe:1196
%original file name%.exe:1568
%original file name%.exe:2036
%original file name%.exe:2672
%original file name%.exe:3480
%original file name%.exe:2748
%original file name%.exe:3812
%original file name%.exe:2500
%original file name%.exe:3916
%original file name%.exe:2724
%original file name%.exe:612
%original file name%.exe:1816
%original file name%.exe:1608
%original file name%.exe:3428
%original file name%.exe:3228
%original file name%.exe:1860
%original file name%.exe:1600
%original file name%.exe:940
%original file name%.exe:356
%original file name%.exe:2004
%original file name%.exe:3224
%original file name%.exe:2604
%original file name%.exe:3340
%original file name%.exe:804
cscript.exe:3920
cscript.exe:1300
cscript.exe:2848
cscript.exe:3712
cscript.exe:3228
cscript.exe:2304
cscript.exe:132
cscript.exe:2860
cscript.exe:3412
cscript.exe:3344
cscript.exe:2172
cscript.exe:3808
cscript.exe:2524
cscript.exe:1072
cscript.exe:2528
cscript.exe:344
cscript.exe:1376
cscript.exe:2244
cscript.exe:280
cscript.exe:548
cscript.exe:348
cscript.exe:3992
cscript.exe:2460
cscript.exe:1524
cscript.exe:2916
cscript.exe:3936
cscript.exe:1796
cscript.exe:1956
cscript.exe:3336
cscript.exe:3152
cscript.exe:1228
cscript.exe:3640
cscript.exe:2316
cscript.exe:2992
cscript.exe:1064
cscript.exe:2996
cscript.exe:3244
cscript.exe:2804
cscript.exe:2264
cscript.exe:2060
cscript.exe:3848
cscript.exe:2064
cscript.exe:2252
cscript.exe:2288
cscript.exe:2904
cscript.exe:3940
cscript.exe:1028
cscript.exe:2828
cscript.exe:3032
cscript.exe:3308
cscript.exe:1484
cscript.exe:3148
cscript.exe:4044
cscript.exe:2308
cscript.exe:3476
cscript.exe:3472
cscript.exe:2544
cscript.exe:2548
cscript.exe:2788
cscript.exe:1256
cscript.exe:2384
cscript.exe:368
cscript.exe:2072
cscript.exe:3108
cscript.exe:2668
cscript.exe:3844
cscript.exe:3812
cscript.exe:2280
cscript.exe:3956
cscript.exe:2764
cscript.exe:380
cscript.exe:244
cscript.exe:240
cscript.exe:3268
cscript.exe:2832
cscript.exe:3316
cscript.exe:3392
cscript.exe:2272
cscript.exe:3012
cscript.exe:3468
cscript.exe:2208
cscript.exe:644
cscript.exe:2792
cscript.exe:2376
cscript.exe:2928
cscript.exe:2596
cscript.exe:3596
cscript.exe:2592
cscript.exe:3804
cscript.exe:2456
cscript.exe:2452
cscript.exe:3004
cscript.exe:3000
cscript.exe:2196
cscript.exe:3900
cscript.exe:3164
cscript.exe:1900
cscript.exe:2200
cscript.exe:2880
cscript.exe:3368
cscript.exe:1980
cscript.exe:3364
cscript.exe:2560
cscript.exe:3696
cscript.exe:2368
cscript.exe:2684
cscript.exe:188
cscript.exe:2680
cscript.exe:2428
cscript.exe:3600
cscript.exe:2624
cscript.exe:3608
cscript.exe:3524
cscript.exe:3728
cscript.exe:3724
cscript.exe:2188
cscript.exe:220
cscript.exe:868
cscript.exe:3904
cscript.exe:3376
cscript.exe:3440
cscript.exe:3684
cscript.exe:3500
cscript.exe:3964
cscript.exe:2108
cscript.exe:2752
cscript.exe:2100
cscript.exe:1512
cscript.exe:740
cscript.exe:1160
cscript.exe:2436
cscript.exe:3324
cscript.exe:2632
cscript.exe:3672
cscript.exe:2948
cscript.exe:3736
cscript.exe:2344
cscript.exe:1052
cscript.exe:1968
cscript.exe:4000
cscript.exe:2224
cscript.exe:3436
cscript.exe:1568
cscript.exe:1112
cscript.exe:2500
cscript.exe:2648
cscript.exe:2724
cscript.exe:2644
cscript.exe:1276
cscript.exe:3484
cscript.exe:3352
cscript.exe:3056
cscript.exe:2132
cscript.exe:3052
cscript.exe:3780
cscript.exe:1040
cscript.exe:3540
cscript.exe:3380
cscript.exe:948
cscript.exe:4012
cscript.exe:3788
cscript.exe:804
The Malware injects its code into the following process(es):
fGAwoYMM.exe:1864
reIEcoQI.exe:232
NesIMIQs.exe:228
Mutexes
The following mutexes were created/opened:No objects were found.
File activity
The process %original file name%.exe:3076 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\AikAYYsE.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\EosMskMk.bat (112 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\AikAYYsE.bat (0 bytes)
The process %original file name%.exe:3928 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ZyEgAEoE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XYwgogYI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XiEscooM.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (360 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fEIssgcU.bat (112 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ZyEgAEoE.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XiEscooM.bat (0 bytes)
The process %original file name%.exe:2184 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\cAkkgUUE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\EegIIkAM.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\EegIIkAM.bat (0 bytes)
The process %original file name%.exe:2656 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QCowssYQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZQcQcsMg.bat (112 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\QCowssYQ.bat (0 bytes)
The process %original file name%.exe:2840 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\iigQokYY.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KeYQEIQA.bat (112 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\iigQokYY.bat (0 bytes)
The process %original file name%.exe:4024 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\xqsMAIQM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ocAAsUsQ.bat (112 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\xqsMAIQM.bat (0 bytes)
The process %original file name%.exe:4092 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\uiswAccA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FyowAYIU.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\FyowAYIU.bat (0 bytes)
The process %original file name%.exe:2320 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\eKAQckoA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lsUYUoIM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\uyoEIMoU.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (360 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\huwEcEoU.bat (112 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\eKAQckoA.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\uyoEIMoU.bat (0 bytes)
The process %original file name%.exe:3552 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\tQMsAcUs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fqMUsgso.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (360 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mskosYkY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DMMwAEck.bat (112 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\tQMsAcUs.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fqMUsgso.bat (0 bytes)
The process %original file name%.exe:2484 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\WockIEgs.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PMsUEkgA.bat (112 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\WockIEgs.bat (0 bytes)
The process %original file name%.exe:2480 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\LQQkEMwU.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PyoUwIEM.bat (112 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\LQQkEMwU.bat (0 bytes)
The process %original file name%.exe:3792 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\wYYMYUks.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\uWwogccE.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\uWwogccE.bat (0 bytes)
The process %original file name%.exe:2120 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\AKkIUoYc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\vucYgcYk.bat (112 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\AKkIUoYc.bat (0 bytes)
The process %original file name%.exe:3852 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\QaIUcAUs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LkEsggoM.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\LkEsggoM.bat (0 bytes)
The process %original file name%.exe:2400 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\rusAscwU.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bwAMEsMM.bat (112 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\rusAscwU.bat (0 bytes)
The process %original file name%.exe:3996 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\QosEYAco.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SOwIEUsE.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\SOwIEUsE.bat (0 bytes)
The process %original file name%.exe:548 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kyUYYwoQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JKwIUoow.bat (112 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\kyUYYwoQ.bat (0 bytes)
The process %original file name%.exe:1916 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nyQUoEcY.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XEwcwMok.bat (112 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nyQUoEcY.bat (0 bytes)
The process %original file name%.exe:348 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\aGoUYMEw.bat (112 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dIwoAwMk.bat (4 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\dIwoAwMk.bat (0 bytes)
The process %original file name%.exe:1460 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\aIEUsUoo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XgkEoAAs.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (360 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UIoIMMkw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\NIEUkEIA.bat (112 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\XgkEoAAs.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UIoIMMkw.bat (0 bytes)
The process %original file name%.exe:1672 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\eOAEcIoQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\oksIgYMU.bat (112 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\eOAEcIoQ.bat (0 bytes)
The process %original file name%.exe:2912 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MyUQoIAQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LUYIIcQw.bat (4 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\LUYIIcQw.bat (0 bytes)
The process %original file name%.exe:1792 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\HYMkQgQI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BMgEYgUQ.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\BMgEYgUQ.bat (0 bytes)
The process %original file name%.exe:1796 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\oEkYUEEw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qCYIgMss.bat (112 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (360 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\cIUoMMwM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\jWsksgII.bat (4 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\cIUoMMwM.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\jWsksgII.bat (0 bytes)
The process %original file name%.exe:3644 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\rUoMYAwc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DskEMwcU.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\DskEMwcU.bat (0 bytes)
The process %original file name%.exe:1068 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\FyEcwAgo.bat (112 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lOkkQMMo.bat (4 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\lOkkQMMo.bat (0 bytes)
The process %original file name%.exe:3564 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\OOskgIEQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\hmUEwsUQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XikMAgEM.bat (112 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (360 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\maEEAYAc.bat (4 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\hmUEwsUQ.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\maEEAYAc.bat (0 bytes)
The process %original file name%.exe:1824 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\rYggkkYk.bat (112 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\AisAYoYc.bat (4 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\AisAYoYc.bat (0 bytes)
The process %original file name%.exe:3568 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\DmAUkMkg.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\YoEIoEUo.bat (112 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\DmAUkMkg.bat (0 bytes)
The process %original file name%.exe:2996 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\NSEoowcQ.bat (112 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\AQQwMooM.bat (4 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\AQQwMooM.bat (0 bytes)
The process %original file name%.exe:2496 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\FYUcQoYE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\uCYQAUgM.bat (112 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\FYUcQoYE.bat (0 bytes)
The process %original file name%.exe:928 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\MwscoIgU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FyscQsgU.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\FyscQsgU.bat (0 bytes)
The process %original file name%.exe:2412 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\gGowookg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\twQEgQwc.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\twQEgQwc.bat (0 bytes)
The process %original file name%.exe:2392 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\usQswYoI.bat (112 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\jIAwMYgc.bat (4 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\jIAwMYgc.bat (0 bytes)
The process %original file name%.exe:828 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\iukgEUQU.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gWIQIwko.bat (112 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\iukgEUQU.bat (0 bytes)
The process %original file name%.exe:2256 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\sIgQQwEk.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HuYYAIMU.bat (112 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\sIgQQwEk.bat (0 bytes)
The process %original file name%.exe:2796 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\aAUYQgcA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gIkgIoEA.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\gIkgIoEA.bat (0 bytes)
The process %original file name%.exe:2252 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\wMMoQEAA.bat (112 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VwsMMMoA.bat (4 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\VwsMMMoA.bat (0 bytes)
The process %original file name%.exe:3772 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\LmscEwQs.bat (112 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SOAAMwEU.bat (4 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\SOAAMwEU.bat (0 bytes)
The process %original file name%.exe:2900 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\oqEocAIc.bat (112 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xEMIcsIQ.bat (4 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\xEMIcsIQ.bat (0 bytes)
The process %original file name%.exe:2472 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\EaMcAQsY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WeMwscsk.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\WeMwscsk.bat (0 bytes)
The process %original file name%.exe:3628 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\kKosksok.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\oIIkcYgU.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\oIIkcYgU.bat (0 bytes)
The process %original file name%.exe:2772 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\MMcoYcMY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HyIIUMAg.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\HyIIUMAg.bat (0 bytes)
The process %original file name%.exe:2776 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\KycAAEYU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\zUgMgAwQ.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\zUgMgAwQ.bat (0 bytes)
The process %original file name%.exe:3140 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\KucAAkkA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gaAcQMIY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\quEssMww.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HOUkEEEo.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (360 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\KucAAkkA.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HOUkEEEo.bat (0 bytes)
The process %original file name%.exe:3272 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\IOIcQEck.bat (112 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\uccUUcQU.bat (4 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\uccUUcQU.bat (0 bytes)
The process %original file name%.exe:3148 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\DcMYEkIw.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kgAgsEMk.bat (112 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\DcMYEkIw.bat (0 bytes)
The process %original file name%.exe:2308 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\okkEMMAo.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\vqEgAwYs.bat (112 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\okkEMMAo.bat (0 bytes)
The process %original file name%.exe:2540 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\TiwEAwQA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZKgckogQ.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ZKgckogQ.bat (0 bytes)
The process %original file name%.exe:1716 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\gassAQcw.bat (112 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QYgwYEgE.bat (4 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\QYgwYEgE.bat (0 bytes)
The process %original file name%.exe:2980 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\jGQksQEI.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QWMkAQkU.bat (112 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\jGQksQEI.bat (0 bytes)
The process %original file name%.exe:4048 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\kOgMkckU.bat (112 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\vaUsIQko.bat (4 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\vaUsIQko.bat (0 bytes)
The process %original file name%.exe:3388 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\OIEokAEY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\jOswgwUQ.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\jOswgwUQ.bat (0 bytes)
The process %original file name%.exe:2176 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\qMQEEYEc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lkcUYYEU.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\lkcUYYEU.bat (0 bytes)
The process %original file name%.exe:3160 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\EWUwYsIQ.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fWcQEEco.bat (112 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\EWUwYsIQ.bat (0 bytes)
The process %original file name%.exe:2076 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\wKwwYkwY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\muwkMIQU.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\muwkMIQU.bat (0 bytes)
The process %original file name%.exe:3580 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\MowosgAg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nKUIYQoU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QcIwEgYs.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (360 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\hiQIocMA.bat (112 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\MowosgAg.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QcIwEgYs.bat (0 bytes)
The process %original file name%.exe:3956 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\zIkoEwMo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PwUYEsEI.bat (4 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\PwUYEsEI.bat (0 bytes)
The process %original file name%.exe:304 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\LUEgUMsI.bat (112 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\hikAIoww.bat (4 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\hikAIoww.bat (0 bytes)
The process %original file name%.exe:3216 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\oEAoIIQg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UkMAMcwo.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\UkMAMcwo.bat (0 bytes)
The process %original file name%.exe:2764 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ZoEQccQc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\vaYMQYcY.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\vaYMQYcY.bat (0 bytes)
The process %original file name%.exe:380 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\eUQAEYEE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\NiocYYMA.bat (112 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\eUQAEYEE.bat (0 bytes)
The process %original file name%.exe:1932 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\rGgIoEcg.bat (112 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lQgkQkkU.bat (4 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\lQgkQkkU.bat (0 bytes)
The process %original file name%.exe:1776 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\OgEUgsUQ.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\waoUYMAk.bat (112 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\OgEUgsUQ.bat (0 bytes)
The process %original file name%.exe:240 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\aUYIYMcY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\AcscEkgI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PMcgQQAE.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (360 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aaMskYwI.bat (112 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\AcscEkgI.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PMcgQQAE.bat (0 bytes)
The process %original file name%.exe:388 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\vCEIEkIA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MOMkEIsA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MCAQgAkY.bat (112 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (360 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LGAIkYII.bat (112 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\vCEIEkIA.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MOMkEIsA.bat (0 bytes)
The process %original file name%.exe:2836 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\bKMsIogI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PUsYggkI.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\PUsYggkI.bat (0 bytes)
The process %original file name%.exe:3508 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ziAggAYA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qCAgIUck.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\qCAgIUck.bat (0 bytes)
The process %original file name%.exe:2276 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\xYYoQMgo.bat (112 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ykoMYoUI.bat (4 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ykoMYoUI.bat (0 bytes)
The process %original file name%.exe:244 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\RisUIwgo.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dcMwcEEo.bat (112 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\RisUIwgo.bat (0 bytes)
The process %original file name%.exe:2576 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\zeAwMMEw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MIMQwQYs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\iiocMYsc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mQoMUUYk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lYccoAEI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\imAAgYIA.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (540 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\MIMQwQYs.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\imAAgYIA.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\zeAwMMEw.bat (0 bytes)
The process %original file name%.exe:1840 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\JOQEMAYI.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DWAskUMs.bat (112 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\JOQEMAYI.bat (0 bytes)
The process %original file name%.exe:3016 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\PKgQYwQo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\AAIEMYkg.bat (112 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\PKgQYwQo.bat (0 bytes)
The process %original file name%.exe:2992 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\MMcYokEY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\EykYYwgc.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\EykYYwgc.bat (0 bytes)
The process %original file name%.exe:3096 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\EeMkIAcE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QcYAIwUs.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\QcYAIwUs.bat (0 bytes)
The process %original file name%.exe:644 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\NcMAUock.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\acQEowkw.bat (112 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\NcMAUock.bat (0 bytes)
The process %original file name%.exe:2676 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\hKgEoIUM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZQgcgkkk.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ZQgcgkkk.bat (0 bytes)
The process %original file name%.exe:3188 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\UIwgokYs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fSgIokoM.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\fSgIokoM.bat (0 bytes)
The process %original file name%.exe:2372 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\yUMEkMIY.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\hSUIIQsY.bat (112 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\yUMEkMIY.bat (0 bytes)
The process %original file name%.exe:1224 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nkQQMgkY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fAoIAQMg.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\fAoIAQMg.bat (0 bytes)
The process %original file name%.exe:3124 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\bYUIAUMI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GqEAEEUM.bat (112 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\bYUIAUMI.bat (0 bytes)
The process %original file name%.exe:1228 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\WkEcYYwg.bat (112 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qmgoYkYI.bat (4 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\qmgoYkYI.bat (0 bytes)
The process %original file name%.exe:3696 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\eOcoQssE.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TSIkAsgI.bat (112 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\eOcoQssE.bat (0 bytes)
The process %original file name%.exe:2800 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\XQYUAQQk.bat (112 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\jkEwYIQk.bat (4 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\jkEwYIQk.bat (0 bytes)
The process %original file name%.exe:1900 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\rWQoAwEI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CqEcUEAM.bat (112 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\rWQoAwEI.bat (0 bytes)
The process %original file name%.exe:2880 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\vgooIccw.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\vsUooIoM.bat (112 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\vgooIccw.bat (0 bytes)
The process %original file name%.exe:3368 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\iusQYcoc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TSwkQQUU.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\TSwkQQUU.bat (0 bytes)
The process %original file name%.exe:1980 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\HeMwUYcA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\feIwEIcE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BkwoUkcU.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (360 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VogYcwgw.bat (4 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\VogYcwgw.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BkwoUkcU.bat (0 bytes)
The process %original file name%.exe:3692 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\jmccUQEo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PMYIooQc.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\PMYIooQc.bat (0 bytes)
The process %original file name%.exe:3360 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\WGEgYcgA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aegogUoI.bat (112 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\WGEgYcgA.bat (0 bytes)
The process %original file name%.exe:1988 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\suQYYwYI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QUkMIgcY.bat (112 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\suQYYwYI.bat (0 bytes)
The process %original file name%.exe:3088 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\NGgEEIwc.bat (112 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\EsgYwUQU.bat (4 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\EsgYwUQU.bat (0 bytes)
The process %original file name%.exe:1032 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\iucscMwE.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aEUkEMEA.bat (112 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\iucscMwE.bat (0 bytes)
The process %original file name%.exe:3084 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\sqgkkQkg.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BGAUYsgg.bat (112 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\sqgkkQkg.bat (0 bytes)
The process %original file name%.exe:2360 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nCEswUkU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\zukoUEcs.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\zukoUEcs.bat (0 bytes)
The process %original file name%.exe:3600 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\OqggowoY.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SscAogYQ.bat (112 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\OqggowoY.bat (0 bytes)
The process %original file name%.exe:2152 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\AwMsEgwM.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QeUEQggs.bat (112 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\AwMsEgwM.bat (0 bytes)
The process %original file name%.exe:636 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\GkcEMscM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\AwcssIcs.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\AwcssIcs.bat (0 bytes)
The process %original file name%.exe:2580 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ruMAUcsE.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\wUssIscA.bat (112 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ruMAUcsE.bat (0 bytes)
The process %original file name%.exe:2420 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\kuYIIUQI.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\wOUgUAks.bat (112 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\kuYIIUQI.bat (0 bytes)
The process %original file name%.exe:464 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\dUskcAww\fGAwoYMM.exe (3921 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RYEAscMY.bat (4 bytes)
%Documents and Settings%\All Users\hcYYccwo\NesIMIQs.exe (3777 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xKIMEUMQ.bat (112 bytes)
%Documents and Settings%\All Users\JuwEIgUE\reIEcoQI.exe (3753 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\RYEAscMY.bat (0 bytes)
The process %original file name%.exe:3892 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\AsYEQcIQ.bat (112 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CQcgMokE.bat (4 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\CQcgMokE.bat (0 bytes)
The process %original file name%.exe:1596 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ugcUIIgk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VKUAQgYU.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\VKUAQgYU.bat (0 bytes)
The process %original file name%.exe:3520 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ZUMYskUw.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\zCQwsIwQ.bat (112 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ZUMYskUw.bat (0 bytes)
The process %original file name%.exe:3288 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\SekAcgcA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JoogQMEI.bat (112 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (360 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\geIIMoMo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LAcAswsY.bat (4 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\SekAcgcA.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LAcAswsY.bat (0 bytes)
The process %original file name%.exe:2188 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\YsMQoIYI.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KsUkMUks.bat (112 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\YsMQoIYI.bat (0 bytes)
The process %original file name%.exe:3280 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\jUwkoYgI.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XWgQgsEo.bat (112 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\jUwkoYgI.bat (0 bytes)
The process %original file name%.exe:220 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\xeAQgQAU.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bUkAUAIo.bat (112 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\xeAQgQAU.bat (0 bytes)
The process %original file name%.exe:3688 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\KSwQYcME.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fEQoAkYQ.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\fEQoAkYQ.bat (0 bytes)
The process %original file name%.exe:3444 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\XwYcEwwU.bat (112 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SCMEwUYQ.bat (4 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\SCMEwUYQ.bat (0 bytes)
The process %original file name%.exe:3680 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\KkwYUUIw.bat (112 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mmUswwQM.bat (4 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\mmUswwQM.bat (0 bytes)
The process %original file name%.exe:1028 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\PSgwwgAE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\eQwEkQkM.bat (112 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\PSgwwgAE.bat (0 bytes)
The process %original file name%.exe:2892 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\AEMcgUcU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XwoYsUQI.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\XwoYsUQI.bat (0 bytes)
The process %original file name%.exe:3964 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\sMoAsQUY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lcYgUUsk.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\lcYgUUsk.bat (0 bytes)
The process %original file name%.exe:3532 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\mecYwwgk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IsgIgwEE.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\IsgIgwEE.bat (0 bytes)
The process %original file name%.exe:816 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\LUIUowgI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\yuoUQUwo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MgkIIUsQ.bat (112 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (360 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rEskQEYA.bat (112 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\LUIUowgI.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\yuoUQUwo.bat (0 bytes)
The process %original file name%.exe:1452 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\jMoMQAQM.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\NEscsQsc.bat (112 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\jMoMQAQM.bat (0 bytes)
The process %original file name%.exe:3116 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\zCAkIwYc.bat (112 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\wMEocYwo.bat (4 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\wMEocYwo.bat (0 bytes)
The process %original file name%.exe:2100 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\boQIYsUY.bat (112 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\hEoscAoQ.bat (4 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\hEoscAoQ.bat (0 bytes)
The process %original file name%.exe:2692 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\HacEYgQg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VCcIAgYY.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\VCcIAgYY.bat (0 bytes)
The process %original file name%.exe:1108 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\wQoAEoQQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\NCMsAMoU.bat (112 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\wQoAEoQQ.bat (0 bytes)
The process %original file name%.exe:4080 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\CiwcUowk.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\cSEAgEss.bat (112 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\CiwcUowk.bat (0 bytes)
The process %original file name%.exe:2736 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\xEgwMMcc.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\wmoMQkwo.bat (112 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\xEgwMMcc.bat (0 bytes)
The process %original file name%.exe:3868 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kMckAIEY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\doAUAoYI.bat (4 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\doAUAoYI.bat (0 bytes)
The process %original file name%.exe:2868 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kkcgUwQM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tWYkAIco.bat (112 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\kkcgUwQM.bat (0 bytes)
The process %original file name%.exe:3632 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\eMEwQkoM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WcIYgkQQ.bat (112 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\eMEwQkoM.bat (0 bytes)
The process %original file name%.exe:2436 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ZkIIEkkU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WgYUAEoo.bat (112 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ZkIIEkkU.bat (0 bytes)
The process %original file name%.exe:3460 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\cKsEUggA.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VOIcIsEQ.bat (112 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\cKsEUggA.bat (0 bytes)
The process %original file name%.exe:2816 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\BswcogUk.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TWAIQkQU.bat (112 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\BswcogUk.bat (0 bytes)
The process %original file name%.exe:2948 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\OQwgQYcg.bat (112 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RYsQkAwM.bat (4 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\RYsQkAwM.bat (0 bytes)
The process %original file name%.exe:3068 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\RUMEkMIU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gIkgEEwM.bat (112 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\RUMEkMIU.bat (0 bytes)
The process %original file name%.exe:1052 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\sqYEYIsw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JuUUkUEk.bat (112 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\sqYEYIsw.bat (0 bytes)
The process %original file name%.exe:2944 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\pWQAMgIY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MOUQQUsY.bat (112 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\pWQAMgIY.bat (0 bytes)
The process %original file name%.exe:2340 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\GaoYUAEw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\cYAUooAc.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\cYAUooAc.bat (0 bytes)
The process %original file name%.exe:2228 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\SGkEEsEQ.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RQgoYwMg.bat (112 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\SGkEEsEQ.bat (0 bytes)
The process %original file name%.exe:3196 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\jiQkcUcQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZoAMUowU.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ZoAMUowU.bat (0 bytes)
The process %original file name%.exe:3432 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\tqMMYcsk.bat (112 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pAMIYYQE.bat (4 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\pAMIYYQE.bat (0 bytes)
The process %original file name%.exe:4004 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\aUswAQso.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QYIkswoc.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\QYIkswoc.bat (0 bytes)
The process %original file name%.exe:2348 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\tcEwUAIg.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bAkMUsYY.bat (112 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\tcEwUAIg.bat (0 bytes)
The process %original file name%.exe:1196 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\cawckwMs.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DqsEEkss.bat (112 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\cawckwMs.bat (0 bytes)
The process %original file name%.exe:1568 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\zAkQQIEk.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nmwwwgoI.bat (112 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\zAkQQIEk.bat (0 bytes)
The process %original file name%.exe:2036 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\wmcUEIYg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xqMcAcsw.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\xqMcAcsw.bat (0 bytes)
The process %original file name%.exe:2672 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\VwQgoMcw.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The process %original file name%.exe:3480 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\IeMUkcAc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\vUkkUoYM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ieUkAYsM.bat (112 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (360 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MwQQkAUg.bat (112 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\IeMUkcAc.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\vUkkUoYM.bat (0 bytes)
The process %original file name%.exe:2748 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\mQwAEAAQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\jmscsoIY.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\jmscsoIY.bat (0 bytes)
The process %original file name%.exe:3812 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\gyUEQQAk.bat (112 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\NMgcQksw.bat (4 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\NMgcQksw.bat (0 bytes)
The process %original file name%.exe:2500 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\aisIAAAE.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JUAcIkss.bat (112 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\aisIAAAE.bat (0 bytes)
The process %original file name%.exe:3916 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\suwUoEMw.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HWosQYYI.bat (112 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\suwUoEMw.bat (0 bytes)
The process %original file name%.exe:2724 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\AAoQUIsI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pmYgMwsI.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\pmYgMwsI.bat (0 bytes)
The process %original file name%.exe:612 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\scgcYYQI.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\vmoogEMM.bat (112 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\scgcYYQI.bat (0 bytes)
The process %original file name%.exe:1816 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\KuowMoog.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XmAIEwsA.bat (112 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\KuowMoog.bat (0 bytes)
The process %original file name%.exe:1608 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\kUkYsIUE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rEQcAUUg.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\rEQcAUUg.bat (0 bytes)
The process %original file name%.exe:3428 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BqcAYQgM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rcAQosEI.bat (4 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\rcAQosEI.bat (0 bytes)
The process %original file name%.exe:3228 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\EggcIsww.bat (112 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PysUoIwc.bat (4 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\PysUoIwc.bat (0 bytes)
The process %original file name%.exe:1860 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\maAQoIcg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dkAUggUo.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\dkAUggUo.bat (0 bytes)
The process %original file name%.exe:1600 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\GEYQgwYo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ioIwUkQg.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (360 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WCkMsAwU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SQAsAscY.bat (4 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\SQAsAscY.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ioIwUkQg.bat (0 bytes)
The process %original file name%.exe:940 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\gEgoMoos.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\wgoMcQAc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nSEoAoww.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mMcckssw.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (360 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nSEoAoww.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mMcckssw.bat (0 bytes)
The process %original file name%.exe:356 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\YIQcssYE.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\OKogQIAc.bat (112 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\YIQcssYE.bat (0 bytes)
The process %original file name%.exe:2004 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\SEQUsIoA.bat (112 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IeoEQkQc.bat (4 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\IeoEQkQc.bat (0 bytes)
The process %original file name%.exe:3224 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ckIcsIAA.bat (112 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\YiYAsAAU.bat (4 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\YiYAsAAU.bat (0 bytes)
The process %original file name%.exe:2604 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mUUQEwow.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JcAIIAsk.bat (4 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\JcAIIAsk.bat (0 bytes)
The process %original file name%.exe:3340 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\RscEMcgY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lWYMAEEw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dGkswsIU.bat (112 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (360 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bUgQYUww.bat (4 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\lWYMAEEw.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bUgQYUww.bat (0 bytes)
The process %original file name%.exe:804 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\IkkQUQow.bat (112 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VosAgIgw.bat (4 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\VosAgIgw.bat (0 bytes)
The process NesIMIQs.exe:228 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Documents\My Music\Sample Music\New Stories (Highway Blues).wma.exe (7726 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\adm.bmp.exe (2321 bytes)
C:\totalcmd\TOTALCMD.EXE.exe (30812 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\guest.bmp.exe (2321 bytes)
C:\totalcmd\TCMADMIN.EXE.exe (3073 bytes)
C:\totalcmd\TCUNINST.EXE.exe (3073 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\KAAo.txt (55978 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Blue hills.jpg.exe (3073 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Water lilies.jpg.exe (3361 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Sunset.jpg.exe (3073 bytes)
C:\totalcmd\TCMDX32.EXE.exe (3361 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Winter.jpg.exe (3361 bytes)
C:\totalcmd\TcUsbRun.exe (3073 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Adobe\Reader 9.3\Setup Files\Setup.exe (5441 bytes)
%Documents and Settings%\All Users\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.exe (7433 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp.exe (2321 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp (0 bytes)
%Documents and Settings%\All Users\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp (0 bytes)
%Documents and Settings%\All Users\Documents\My Music\Sample Music\New Stories (Highway Blues).wma (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp (0 bytes)
C:\totalcmd\TCUNINST.EXE (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp (0 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Water lilies.jpg (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp (0 bytes)
C:\totalcmd\TCMADMIN.EXE (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\guest.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\adm.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp (0 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Sunset.jpg (0 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Blue hills.jpg (0 bytes)
C:\totalcmd\TCMDX32.EXE (0 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Winter.jpg (0 bytes)
C:\totalcmd\TOTALCMD.EXE (0 bytes)
Registry activity
The process %original file name%.exe:3076 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7B 9A 62 BB BB F0 23 F4 7B E6 CC 69 8A 28 8F 26"
The process %original file name%.exe:3928 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "15 5B 86 1A 08 A2 C3 54 AD 7A 9E 5E 61 D1 C2 B1"
The process %original file name%.exe:2184 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E8 2A 5F 48 D9 9C 19 4F A6 0D B2 F5 4F 6B DB 66"
The process %original file name%.exe:2656 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C0 E0 6A C7 5B DC 77 25 E7 43 C3 49 18 9E B6 01"
The process %original file name%.exe:2840 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E5 76 93 67 DF 13 C9 3A C6 17 16 92 A4 19 AB 08"
The process %original file name%.exe:4024 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "87 17 5C 7B B4 17 BA 21 45 10 AE 67 8E 92 7D DB"
The process %original file name%.exe:4092 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "97 01 C0 DA 69 C5 BD 70 B1 86 B9 3C 2C F6 CA 9D"
The process %original file name%.exe:2320 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "11 C0 65 54 F8 FF C8 3E 1D 40 CC BE 11 BA 4B 84"
The process %original file name%.exe:3552 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EB D9 A6 8D 43 D8 7D D0 23 C1 54 07 EF B6 12 CE"
The process %original file name%.exe:2484 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BE CB 91 10 6A 85 58 2D 15 68 BB 2B 32 2A 70 1F"
The process %original file name%.exe:2480 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "69 B1 CB E9 3C 9D C7 63 D2 5C EE 42 72 2F 9C 90"
The process %original file name%.exe:3792 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F9 50 A8 22 99 6B B9 62 91 B3 05 C9 10 16 DF 81"
The process %original file name%.exe:2120 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DF F6 E8 D0 77 06 0A 86 07 7C C3 BB CD A9 64 61"
The process %original file name%.exe:3852 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BF ED 8C C1 D1 D7 41 70 D1 85 57 4F 72 50 9B 88"
The process %original file name%.exe:2400 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FB B5 54 C4 E6 CD 33 B3 2C CE 4F 1A E8 42 6F 1D"
The process %original file name%.exe:3996 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6A EC A7 5D A0 BB 87 7D B4 3E 0A E1 E0 22 C6 B0"
The process %original file name%.exe:548 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "42 2D 5A 73 E7 A7 DD 65 A8 28 64 62 47 EB 40 D5"
The process %original file name%.exe:1916 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "97 4B 72 D5 88 68 A7 E8 33 9B 63 61 BC 12 75 77"
The process %original file name%.exe:348 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7F C6 9D EA 23 8C BB 61 49 6C 6C 47 19 80 38 63"
The process %original file name%.exe:1460 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F1 57 3A E2 8E 87 A9 90 3C E3 B8 CF 7E EF CE 51"
The process %original file name%.exe:1672 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "43 67 C7 2E B8 87 B1 96 2A B7 2B 56 DC C1 7A EF"
The process %original file name%.exe:2912 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BD DB FF 40 C8 5F A7 0B BC 37 82 3C 57 DB DF 65"
The process %original file name%.exe:1792 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "47 C4 C6 87 B1 4F 4C 15 06 72 B7 BB A4 86 1C 40"
The process %original file name%.exe:1796 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DC 28 53 B4 60 83 91 A8 15 7A A8 18 90 B7 DE C5"
The process %original file name%.exe:3644 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B3 11 4F EE A8 4A 65 9B 3D 50 EB 77 47 15 EA 24"
The process %original file name%.exe:1068 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "02 D0 CD C3 A0 52 25 0C E3 6C C7 A9 2E BD 7E CA"
The process %original file name%.exe:3564 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "45 0D 78 39 DD A8 51 A6 71 5A 09 22 D0 99 3C 32"
The process %original file name%.exe:1824 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "23 AA 9F 6F 1E 69 E5 45 19 D6 E8 68 5D 08 78 17"
The process %original file name%.exe:3568 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "60 10 95 E7 5F 31 01 57 A5 BA 24 68 4A AC F2 BB"
The process %original file name%.exe:2996 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "05 15 60 44 25 7E 52 93 68 AD 70 7F 35 02 36 5C"
The process %original file name%.exe:2496 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9F 30 86 B4 51 E4 BA 09 A9 A3 BF DB C2 93 38 4F"
The process %original file name%.exe:928 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D3 C5 EC A5 86 04 67 CC 6B 59 C3 1F 57 B8 46 F3"
The process %original file name%.exe:2412 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F6 3B 18 3E CF B6 2E 19 DD B2 46 9F 07 BC 8A 99"
The process %original file name%.exe:2392 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "65 09 9A 99 91 15 CD 45 70 2D C0 87 57 C4 9C D2"
The process %original file name%.exe:828 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F0 C6 C5 7F C8 E7 78 9D 5E 5D A6 81 EB FF 2B 12"
The process %original file name%.exe:2256 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "77 23 52 9B E1 5A 3D 23 FE 4D 0D 7D 4D 96 B4 12"
The process %original file name%.exe:2796 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D2 23 B5 71 86 C2 A7 8F A6 09 7C 50 7D 50 E1 0A"
The process %original file name%.exe:2252 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "78 8A A5 76 5A 66 A8 14 80 FC 98 8F 77 AC 80 07"
The process %original file name%.exe:3772 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5F EA 86 3C 46 62 09 31 A4 D0 76 52 9F B5 E6 5C"
The process %original file name%.exe:2900 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EA F6 90 AC 78 46 25 4E 74 A3 19 79 8A DA D3 83"
The process %original file name%.exe:2472 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3B 4C 28 D6 85 81 8E D0 39 53 8F 1D CE 00 D8 1C"
The process %original file name%.exe:3628 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C0 D1 E2 F1 98 5F 71 13 8A 22 75 84 37 43 8C DA"
The process %original file name%.exe:2772 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "26 D1 4D A7 0A CB 61 25 5C 64 9F 18 69 A9 BE C2"
The process %original file name%.exe:2776 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "64 A4 54 E4 25 09 F7 DE A6 DD 13 FA A7 7C 14 F5"
The process %original file name%.exe:3140 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0E DD C4 B2 BE 63 0E B8 0F F4 84 88 D3 F0 B4 6A"
The process %original file name%.exe:3272 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "42 68 95 DA 46 C8 49 42 56 1F 4E 37 4D 43 15 53"
The process %original file name%.exe:3148 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6C 64 4A F5 E9 5C 9D 75 55 74 F8 DF 21 C2 3E 5F"
The process %original file name%.exe:2308 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "79 54 1B 52 02 82 B5 6E E1 45 24 87 D7 F5 ED A8"
The process %original file name%.exe:2540 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "26 0F AA 8B 4C 83 6B 80 43 8B 2E DF 28 93 A8 29"
The process %original file name%.exe:1716 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "60 E6 AB F3 7F B8 78 D8 57 5A 3F 05 25 F4 53 9D"
The process %original file name%.exe:2980 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EE CA 60 8B 5D B1 F7 60 C4 24 2D 8A DC 9D CC B7"
The process %original file name%.exe:4048 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5A F5 D6 63 A8 31 32 10 36 A0 4F 51 90 41 9E 59"
The process %original file name%.exe:3388 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A5 51 36 24 0C 57 EA 18 C7 67 35 D6 BE 9B 75 90"
The process %original file name%.exe:2176 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "01 AE 89 56 EE 17 0F F9 84 6D 71 38 92 BA 04 E2"
The process %original file name%.exe:3160 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B4 B5 18 6F A9 7D DF EB 80 14 9E 5B D1 F4 CF E1"
The process %original file name%.exe:2076 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C9 F4 B1 D2 67 BA E2 90 10 B9 4B 4B 8B 48 50 6D"
The process %original file name%.exe:3580 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7A 3C F6 ED F4 35 D8 E9 3E 9B 07 16 6F 21 F3 33"
The process %original file name%.exe:3956 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "41 BC 61 63 C0 F0 D8 28 15 8D 09 45 86 4F C8 9A"
The process %original file name%.exe:304 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4E 0C 54 4A 64 62 26 04 EA 1C C2 96 AF F2 B6 EB"
The process %original file name%.exe:3216 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "18 8E CC 0F B7 D7 37 FF 94 D7 28 AF F2 A3 BB 43"
The process %original file name%.exe:2764 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "13 B2 98 94 36 40 43 1C 5E 7E 95 32 0A 96 5A B5"
The process %original file name%.exe:380 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E4 E3 41 B6 20 8D DC 02 74 BF DA 60 71 0D E5 FF"
The process %original file name%.exe:1932 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "19 DC 27 41 E4 59 53 AE B4 8F A6 83 5C 76 49 FB"
The process %original file name%.exe:1776 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E2 43 83 2A A2 2B FF 02 9A 7D FD 4A ED 0E 13 D0"
The process %original file name%.exe:240 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "ED D1 69 11 DC B0 3D 74 29 9D 6B 24 8D C5 6F DE"
The process %original file name%.exe:388 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "05 F4 BF 39 7B 29 EB 02 4F 8B CE 59 7E 80 8B 53"
The process %original file name%.exe:2836 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "05 24 79 89 9D 12 0B E5 C6 23 61 FD 37 AE C2 04"
The process %original file name%.exe:3508 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DD 87 E2 62 68 02 FC F6 88 B3 8D 1D 45 95 AC 7B"
The process %original file name%.exe:2276 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FA 50 3E E6 F7 2F B2 04 B2 70 67 AA 99 08 43 45"
The process %original file name%.exe:244 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "53 ED 36 13 ED B0 D4 A9 F1 DF E2 2B 67 CA 8E AF"
The process %original file name%.exe:2576 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4B 25 7C 79 8E F2 2B 0C A8 F0 75 1E A9 6A 4B 4E"
The process %original file name%.exe:1840 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "02 16 27 BD ED CF D2 B0 11 C5 5B D1 DF 9E B4 24"
The process %original file name%.exe:3016 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "13 26 C9 DE 6E BF 54 66 81 89 BD D0 8A 4F A8 F0"
The process %original file name%.exe:2992 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5F D8 38 58 39 07 88 F9 57 4D 81 53 35 AD 77 B1"
The process %original file name%.exe:3096 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "63 40 B9 16 F6 C7 AA 18 4D BC 58 39 E8 60 CD CD"
The process %original file name%.exe:644 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "10 60 B6 A3 FA 7A 34 3F A4 85 8D AE BA DB F5 09"
The process %original file name%.exe:2676 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1F 9E 79 48 E4 84 9E 59 B3 4C 91 57 FC 67 63 A5"
The process %original file name%.exe:3188 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D9 D3 04 8F 6A 75 90 DA D2 86 DC AD 43 CD 6F 74"
The process %original file name%.exe:2372 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A6 CC 0B 26 82 26 D7 08 F6 2A 4A C4 2E 1B B7 A2"
The process %original file name%.exe:1224 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AF 69 1B 5E B8 18 67 0E 7F 15 AE 27 84 A8 8E 2F"
The process %original file name%.exe:3124 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "98 AE 4D 3D 3A 91 F0 5F 6C C4 38 73 FC 1D 0C 72"
The process %original file name%.exe:1228 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8F 03 1C 53 B8 34 8E 93 B3 02 04 B0 EE B4 47 C3"
The process %original file name%.exe:3696 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A3 45 B8 4D 1B 30 D1 62 34 A6 54 07 FF 75 02 F8"
The process %original file name%.exe:2800 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "27 46 F8 D7 40 C8 4E 4A 2E D4 D6 09 1C 5F A2 DF"
The process %original file name%.exe:1900 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C2 3B 55 9B 25 56 AF E5 B7 69 D2 24 72 AF DA 11"
The process %original file name%.exe:2880 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "62 C2 7B 23 7A AD 46 0E F4 AE 37 4F D3 5A AE A1"
The process %original file name%.exe:3368 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EB 63 A8 68 8E 7A 54 FB B0 B8 72 E0 3F 88 56 0A"
The process %original file name%.exe:1980 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2B B8 F2 24 92 85 1B 58 10 40 F3 44 70 0F AE 3E"
The process %original file name%.exe:3692 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "51 2D A8 9E DE 2D BC 6A 15 D3 F1 94 A6 3A 78 71"
The process %original file name%.exe:3360 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BC 89 E5 69 87 A1 65 E4 98 9D 3A 87 14 0F D1 10"
The process %original file name%.exe:1988 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A8 F6 3C E0 A9 A2 DD 31 BE 9F E3 42 2C 9C 38 DF"
The process %original file name%.exe:3088 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0D D3 2D 32 97 8F CC 6F 02 F4 17 9E FF 3C 61 D3"
The process %original file name%.exe:1032 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "00 06 ED 3A B7 9F B4 88 7C B1 7F EE 9E C6 7D E3"
The process %original file name%.exe:3084 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FC 18 B2 35 8B B3 79 F9 17 C8 5C CA FD CE 23 54"
The process %original file name%.exe:2360 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E2 4E 70 59 84 F1 31 53 6E BD 85 01 3A 0F 3F 3B"
The process %original file name%.exe:3600 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "19 3E 63 2C 69 0E 91 75 87 57 75 0C EB FC 8B 88"
The process %original file name%.exe:2152 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5A 89 6F D6 8F 26 58 D7 CE 24 13 A8 A8 56 BF 8A"
The process %original file name%.exe:636 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E3 9F F3 F3 DA 7F 15 9F 69 26 8E 70 EC A7 62 DA"
The process %original file name%.exe:2580 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6B 3B 9B 0B 1B 24 EE A0 65 C2 B0 F1 18 A2 A1 E3"
The process %original file name%.exe:2420 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F0 04 BA 76 13 64 C1 05 94 B7 AD B1 7E 6C 8A FE"
The process %original file name%.exe:464 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "95 25 67 3A 26 60 F5 89 AC 8A 10 9A C6 8A 57 61"
To automatically run itself each time Windows is booted, the Malware adds the following link to its file to the system registry autorun key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"fGAwoYMM.exe" = "%Documents and Settings%\%current user%\dUskcAww\fGAwoYMM.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NesIMIQs.exe" = "%Documents and Settings%\All Users\hcYYccwo\NesIMIQs.exe"
The process %original file name%.exe:3892 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A1 20 6E 45 3A 33 64 1E A4 75 4D E4 93 B5 B8 3D"
The process %original file name%.exe:1596 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2C AD 3A FB 20 7D A9 E8 63 16 8B 82 A6 9A 3C 55"
The process %original file name%.exe:3520 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "86 6A C0 98 70 FF A4 87 6E 15 09 A7 52 43 46 EB"
The process %original file name%.exe:3288 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "94 25 86 97 80 48 F0 5A 6F 2E 15 87 60 15 8F B8"
The process %original file name%.exe:2188 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "73 37 0B 83 3D 6A 74 F5 20 56 71 56 4F 7C A8 D3"
The process %original file name%.exe:3280 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "00 B5 5F 68 B8 8C AD 8B A2 59 D5 2A 4A 40 51 D7"
The process %original file name%.exe:220 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8C 65 EE 4F 18 64 DA 38 8C F8 85 5B 7E 97 44 40"
The process %original file name%.exe:3688 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7A 23 90 FE 7E 8A 7D 8A BA 57 F9 86 CA 6C E1 26"
The process %original file name%.exe:3444 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1F 9E 36 EB 6B A9 4A A1 52 53 4D B1 50 8F F5 A9"
The process %original file name%.exe:3680 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8D E9 7E 35 DD BD 5D BC B6 54 3C 0E AA 5D 70 9A"
The process %original file name%.exe:1028 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F5 6D D5 A7 30 C9 A5 A2 7C AA 2B 94 F5 A2 D1 71"
The process %original file name%.exe:2892 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7A 34 4E 2D 36 F2 FF 17 D6 82 CE BE AE FE A3 64"
The process %original file name%.exe:3964 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BD 01 71 C1 BE 45 C5 5D 0D 79 E6 19 19 35 1D B4"
The process %original file name%.exe:3532 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EA 34 27 0D 28 B9 23 68 65 32 DE 0F C6 29 45 51"
The process %original file name%.exe:816 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "21 7D 42 D4 C4 D2 2A FB AA 10 7C BA 9E CA 28 AB"
The process %original file name%.exe:1452 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A8 FC A8 A3 AE EB 86 35 73 2E 71 CB B9 07 75 14"
The process %original file name%.exe:3116 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "31 78 87 FC F8 B0 A5 C9 65 D2 22 A4 DE F0 7D A9"
The process %original file name%.exe:2100 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "32 1A A0 40 F1 A8 FF 28 F6 FA 2F AD A5 0E AC B5"
The process %original file name%.exe:2692 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "66 54 9F 23 3D EF 06 FD 59 81 C3 2C 33 44 5C 17"
The process %original file name%.exe:1108 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B0 E5 00 44 7C E4 21 86 93 A0 F1 7B 98 D5 C2 B5"
The process %original file name%.exe:4080 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E4 C4 A4 CA 47 E9 6B CA E7 93 DF A5 16 A9 3F 10"
The process %original file name%.exe:2736 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A8 7A 12 B7 C4 47 A5 0D 59 00 F8 52 6D F7 F7 C1"
The process %original file name%.exe:3868 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "30 04 E4 A9 80 FD BE D0 0D DD 3F EF 3E 83 90 C6"
The process %original file name%.exe:2868 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "77 B9 C7 D3 6C 10 DE 6F FF 41 6E D2 09 51 D9 4A"
The process %original file name%.exe:3632 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2D BA B7 8E 0C 45 66 21 DC 3B F5 3E 00 D2 D3 C1"
The process %original file name%.exe:2436 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0B 5C 8C 4E 2D C9 D3 26 41 1E 8C A2 8A 26 38 A0"
The process %original file name%.exe:3460 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C6 E2 F7 59 D8 4B 21 0F B1 CC 56 7D BC DB AB E4"
The process %original file name%.exe:2816 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "12 DB D6 81 3D 76 9E 9B 7B A1 B5 8C 92 C1 40 7D"
The process %original file name%.exe:2948 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FA 6C 1F 27 97 9A BD 9E EA 90 25 B9 19 F8 ED 0C"
The process %original file name%.exe:3068 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "54 ED AA 85 98 B0 FB CB B4 54 57 80 F4 5E 74 E6"
The process %original file name%.exe:1052 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "75 EA 79 A7 D2 59 DB 39 58 08 56 FF 38 6E 8B 77"
The process %original file name%.exe:2944 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "22 62 DD 0E 7B 9E 71 C0 4D 0E AF 38 4A 3A EF 1C"
The process %original file name%.exe:2340 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F3 32 55 1C AC 56 9B AB B6 00 D9 CF 69 AB 3A 03"
The process %original file name%.exe:2228 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "65 B0 F9 82 B6 0C 17 18 C9 3F 41 C9 FC 5D A6 11"
The process %original file name%.exe:3196 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AC 0A AF DB DC 2E 3C 4C B6 F6 46 BA D3 AE 5D 3B"
The process %original file name%.exe:3432 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "82 90 A0 00 DB CD FE ED D9 F7 49 F6 D9 11 80 2D"
The process %original file name%.exe:4004 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B4 92 2C 0F 7E 10 F0 B4 DC 22 AF 27 34 27 90 06"
The process %original file name%.exe:2348 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "91 04 8B 3C E0 C6 CF 27 D0 67 BF E7 2F DE 04 26"
The process %original file name%.exe:1196 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2C B6 3A 83 93 0B 94 F4 70 87 69 BA F8 D3 65 E2"
The process %original file name%.exe:1568 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "56 76 0F 79 19 90 F3 D9 6E 7E 05 72 9A F0 5C 62"
The process %original file name%.exe:2036 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EC 73 F3 47 14 1A 2D 46 53 9A C9 39 84 07 30 57"
The process %original file name%.exe:2672 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0D 41 5C D1 28 CF 9A BA 08 12 E7 41 A8 DC C1 61"
The process %original file name%.exe:3480 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "18 CC 09 8D 22 FF 75 D4 CD 62 F5 78 B3 6C E4 C7"
The process %original file name%.exe:2748 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1A 1D EE EB FF 3E 94 BC 68 EF CE 7F 93 5A 3E 20"
The process %original file name%.exe:3812 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D1 EC 62 AE EE 43 F7 EA 2F 39 75 81 F4 63 3A 7D"
The process %original file name%.exe:2500 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "59 91 CD 61 36 23 C9 52 03 ED 62 85 CB C1 33 3F"
The process %original file name%.exe:3916 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C9 5C BA FA 84 42 53 8F 6C 3F A6 8E 2C B6 4C 86"
The process %original file name%.exe:2724 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A4 F5 5B 2F 4F ED 75 BA C7 B4 E3 FC 4D 5B 9F C2"
The process %original file name%.exe:612 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "41 D2 E5 CC C4 65 0E 01 8F E8 8F 6E C4 37 F7 6A"
The process %original file name%.exe:1816 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AE C6 AF 72 15 73 94 28 25 C1 E1 BC 8B AD 85 E5"
The process %original file name%.exe:1608 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B5 F6 3F 36 4A AA 83 9E 36 3E 1D 10 BD 2C 3E F4"
The process %original file name%.exe:3428 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E3 01 5A 89 19 59 81 77 F2 1E E0 2C BD CF 56 62"
The process %original file name%.exe:3228 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "44 19 00 BA 57 14 52 D1 B9 35 3A C5 86 43 FA 5B"
The process %original file name%.exe:1860 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "69 07 E2 B9 0A 03 83 1C 02 A6 05 2E 63 DC FB 19"
The process %original file name%.exe:1600 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "63 5A 49 7F 01 FA AA 2D C6 55 BA 53 03 06 7C DC"
The process %original file name%.exe:940 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3C 7C F1 15 3C AD 71 27 B0 EC 0A 01 3F 5D 27 84"
The process %original file name%.exe:356 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "16 DD 6F 8F FE 77 77 EE 1E A6 D1 AC 8F 41 1B 1E"
The process %original file name%.exe:2004 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7E 85 D4 4D 47 8C 51 47 CF 97 CD 50 34 7F 9B 73"
The process %original file name%.exe:3224 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5B 41 74 A3 7B C0 57 75 DF 52 91 9C C5 6F CC 86"
The process %original file name%.exe:2604 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "65 C8 41 24 F2 7D 7A 97 E3 E2 42 61 44 61 54 79"
The process %original file name%.exe:3340 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3C 36 31 36 CA A7 81 CD 45 EE EE F3 09 A8 C2 A0"
The process %original file name%.exe:804 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "95 DA 97 D6 8E A7 6A 7C 63 64 0F 3D 1B 10 CB 4F"
The process cscript.exe:3920 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C2 A6 8D 35 88 31 78 C1 C5 5A AF EB 87 60 07 50"
The process cscript.exe:1300 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F2 89 E4 15 8C 5F BC 29 9A 41 F1 D2 60 72 BC 4F"
The process cscript.exe:2848 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "96 0B 7F 39 48 CB 32 9F DA 9D 13 63 03 3C 19 AE"
The process cscript.exe:3712 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "84 6C F6 9B 95 1E 33 8C A1 AF BC 96 81 51 FF 47"
The process cscript.exe:3228 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BF B3 6F 99 7C 05 C4 11 8A 14 AB BC 24 A1 F7 13"
The process cscript.exe:2304 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E6 C9 D3 E3 79 6E FC F5 AA 1A F2 64 C7 A0 3F 39"
The process cscript.exe:132 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2A 36 FA A7 20 75 C3 C2 55 85 28 37 41 CC 6B 4D"
The process cscript.exe:2860 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D6 2D 00 B9 AB 7B 0A 2F 1C FD C3 AE D7 AF DD AE"
The process cscript.exe:3412 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F9 41 82 C1 B3 D8 1F AD 7B D1 53 6E D1 6E 72 B3"
The process cscript.exe:3344 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "37 6D CF E5 6A 22 DA B2 83 80 67 30 45 7B E0 2A"
The process cscript.exe:2172 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E9 24 40 13 F6 11 06 F8 7B 77 C4 44 C7 FD 11 6C"
The process cscript.exe:3808 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "84 F2 2B CB 7C A7 AE FE 5B E6 07 DD 7C 6F 9A B4"
The process cscript.exe:2524 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "24 E4 40 40 14 48 37 CF E4 18 F5 14 96 E0 80 4C"
The process cscript.exe:1072 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6C 2D AD 73 BF 40 E6 40 6C 66 40 87 CA 73 AF AD"
The process cscript.exe:2528 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "71 B4 F8 6F 53 05 06 04 50 29 53 9F 14 31 BA F7"
The process cscript.exe:344 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5B 79 C0 CB 0E C3 09 25 F0 F1 0F 04 D6 64 6B 35"
The process cscript.exe:1376 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D3 B1 9A 5C 13 1F C0 37 22 AD A5 2D 64 B3 BB 64"
The process cscript.exe:2244 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "03 AB C9 F2 73 D3 71 74 CC C4 7A E1 BA 03 79 F4"
The process cscript.exe:280 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B0 C1 F3 33 CE 4B 6F 77 79 B1 46 07 1D 56 3A 73"
The process cscript.exe:548 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7A 45 4F E5 1D B6 4E 7A 69 11 C1 D0 FC F3 87 4F"
The process cscript.exe:348 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A0 4B B6 FB D1 67 80 AC 1E 9F 7D 0B 93 D8 8C 7B"
The process cscript.exe:3992 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FC 8F B5 ED AC 32 FC 0A BF 11 54 1E 1B E1 0E 77"
The process cscript.exe:2460 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "96 41 CB 4E 72 E5 3B 17 FE 48 74 9E 84 4E B8 C8"
The process cscript.exe:1524 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5E 93 FE 96 42 DE 1A 2A 17 C9 C2 72 B8 DF A0 32"
The process cscript.exe:2916 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4A 4B 18 09 85 8B 33 4D 97 99 BC C7 4D 17 0A 27"
The process cscript.exe:3936 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B5 83 6B 81 7A F9 2E C1 91 56 68 07 EE C6 5E 02"
The process cscript.exe:1796 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A0 5B 94 89 12 24 C0 E4 0C E2 FA F7 0D B8 7E 35"
The process cscript.exe:1956 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "68 EF 85 E6 C0 D7 E6 35 6C 0B 72 15 73 BC DA BF"
The process cscript.exe:3336 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C2 1B 47 11 BD 88 70 DD CC 30 93 54 D9 80 8F FE"
The process cscript.exe:3152 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "95 0E A6 34 E8 A3 4A 07 80 83 63 07 EC D2 32 3B"
The process cscript.exe:1228 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "71 E7 F8 10 36 E7 F1 29 47 63 70 DB 53 51 A3 00"
The process cscript.exe:3640 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "35 7F E6 10 25 51 99 6C A3 F3 62 58 CD D5 8F A7"
The process cscript.exe:2316 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9D 8A 88 F8 C7 BB 4E D8 61 A3 1E 54 DC 81 5D 3E"
The process cscript.exe:2992 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "17 6D 18 AD 03 6D 1F B3 1F A2 C3 21 03 9D CE 36"
The process cscript.exe:1064 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "94 79 4E 1F 0C E8 89 D3 80 A7 09 0D B6 05 5B 4F"
The process cscript.exe:2996 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2D 2C F2 7C 3E 87 7F 00 12 06 77 B3 E0 DC A6 EE"
The process cscript.exe:3244 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C1 42 D7 A5 C5 48 24 BF DC 1D D5 E2 1A 61 A1 14"
The process cscript.exe:2804 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B2 BF 29 92 BA EA 5C BC AB B0 D8 D6 58 21 FB 20"
The process cscript.exe:2264 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F5 E4 FA 7C 60 9A AC 55 64 CE EB 3F 42 D2 50 D5"
The process cscript.exe:2060 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F6 0E F6 5C 0D 24 DD 46 91 3A 7A 25 F7 F2 58 68"
The process cscript.exe:3848 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A6 A0 08 CA BB A1 C7 41 5C 6F EF 21 6D F3 4E CC"
The process cscript.exe:2064 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CA 7B 41 8B 2A B2 1D EC 7F B2 E0 75 A8 DE A8 8E"
The process cscript.exe:2252 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "50 F9 59 29 DD 3A AB F4 F7 85 93 37 84 9E CC 96"
The process cscript.exe:2288 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "25 73 B3 78 EF B9 50 10 4E 7D 41 6C 44 14 68 ED"
The process cscript.exe:2904 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7C E6 DA C3 EA C6 08 C1 C9 E1 BD 3A 89 33 94 95"
The process cscript.exe:3940 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A7 B5 A7 3D AF A5 D3 C6 41 CE 63 40 3B E8 AA 9D"
The process cscript.exe:1028 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0B 5C 49 CD BC CB 91 4A 23 37 C9 B3 D5 62 5D C4"
The process cscript.exe:2828 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C1 31 71 13 7C 6A 48 BF 58 39 D1 71 B4 16 2F 23"
The process cscript.exe:3032 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5F 68 A3 AA D8 59 75 76 67 88 72 08 4F 97 A3 F6"
The process cscript.exe:3308 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7B C1 E5 43 2D C7 22 34 D7 F3 C5 BB A1 EB FD 58"
The process cscript.exe:1484 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "17 37 76 90 02 96 9A F5 86 01 26 F5 C3 90 F1 CF"
The process cscript.exe:3148 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E1 58 3A 64 24 1F 07 1C 51 53 8A C2 9D 02 B9 3A"
The process cscript.exe:4044 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "20 87 7A 34 0E EE 83 99 B7 15 8E 52 9C BF 73 24"
The process cscript.exe:2308 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3C CA BC 0F AD 3F 8C 5E 63 B7 4E 2F 50 16 4A E0"
The process cscript.exe:3476 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9C 6E 25 F2 16 F1 A0 EE 20 BA 54 0E 85 A4 B8 CC"
The process cscript.exe:3472 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "88 66 D6 D5 19 47 DF 39 73 4D B5 EF 8C A8 A9 F5"
The process cscript.exe:2544 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "83 43 1C DC 4E 2C 14 17 1F 8F C0 EA 91 21 FA 6E"
The process cscript.exe:2548 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6B 0B B1 E6 D5 26 0E 19 03 BD 67 84 7A 5F 9B 62"
The process cscript.exe:2788 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9E 0D 30 0D 0B EA 56 5B 5E AA E1 4D 2B 8F 40 D1"
The process cscript.exe:1256 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9C 8B 6D 41 D0 14 62 6E 3A FF E3 29 EA AF 57 F1"
The process cscript.exe:2384 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E3 A2 49 E3 27 76 6A 86 25 4C A1 06 FC 75 98 A3"
The process cscript.exe:368 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C7 06 7B 74 7A B6 00 7E A0 9B 95 65 CA 76 FF B5"
The process cscript.exe:2072 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AF A0 71 2A 74 62 09 4D 28 75 36 86 02 02 FA 21"
The process cscript.exe:3108 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "64 D4 74 3F 77 5C 36 D0 51 3C CE 10 D1 15 03 0E"
The process cscript.exe:2668 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "72 63 02 A5 2C 46 03 4C 8E 28 5A 01 71 19 26 55"
The process cscript.exe:3844 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1C 04 D4 68 9C 85 E4 A0 D5 38 3D FD 4B 00 FE A2"
The process cscript.exe:3812 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5C 18 FC 3F 9D 9E 75 83 C6 A7 EC 6E 00 C6 C3 15"
The process cscript.exe:2280 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C8 55 9C 99 2F D9 5F F2 05 68 15 1D 0E 44 B8 3D"
The process cscript.exe:3956 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AA 9F 55 AB 65 1F AC 60 B9 56 AE 3F 68 76 49 DB"
The process cscript.exe:2764 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DF 40 10 8E EA C4 D7 D8 3A 59 9F 33 83 85 D2 56"
The process cscript.exe:380 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E4 97 FA 77 89 7D E4 AE B5 40 17 D4 60 70 4B 10"
The process cscript.exe:244 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "39 22 AC AB CA A8 8B F7 2F D9 D4 0A 09 D3 5D 69"
The process cscript.exe:240 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "22 87 4F 3F 49 58 4C CE 29 35 9A B2 53 93 33 01"
The process cscript.exe:3268 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AE FA 09 74 2C 89 E9 44 3D 6F 96 9F 3C A4 8E 6B"
The process cscript.exe:2832 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "98 99 7F B4 C4 CB A4 3C 02 8A C2 3C D0 CE 06 C8"
The process cscript.exe:3316 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DB 29 DC 7E FE 98 88 97 BF 8B 21 AE 9C 42 44 E0"
The process cscript.exe:3392 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "65 AD 08 78 FB CD 2B 8A 68 34 5A 60 EE B5 3C 8C"
The process cscript.exe:2272 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "01 88 11 F6 14 EE 8E 55 0C CA 9E F8 8B 40 C7 C0"
The process cscript.exe:3012 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "21 B9 C5 E5 7C 1F 40 1E FD 43 4B 1B 0A 17 21 8F"
The process cscript.exe:3468 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "80 EC 19 DD B6 D5 3F FC 2D B0 19 A2 E6 BB 2D 98"
The process cscript.exe:2208 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3F F0 CD 7D 35 48 88 7D 81 93 1D 8F 29 7F 19 D9"
The process cscript.exe:644 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D3 2D E2 08 EE 0D D8 46 2C 66 C8 E8 FF 5B DE F1"
The process cscript.exe:2792 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F7 B2 8F 4A 7F 51 B9 FE 0B A1 B8 B7 F6 F4 28 6B"
The process cscript.exe:2376 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6F 74 26 A9 39 24 67 F1 AA 08 D5 B6 01 B9 B6 8F"
The process cscript.exe:2928 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EE 17 A2 16 4D 53 6A 45 38 B2 22 68 B5 6D A2 05"
The process cscript.exe:2596 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1F 16 9D 43 FB 11 84 4B D6 48 3A EC 16 5D D1 0F"
The process cscript.exe:3596 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2F 35 5D 54 8D 6C 26 47 46 4A AD 3A F4 34 2F 2F"
The process cscript.exe:2592 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "93 73 DD 35 01 A1 3D 1D DF 97 F9 F3 0F DC 76 20"
The process cscript.exe:3804 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "86 6C DC E3 B1 B3 4E E2 CF 37 4B 44 40 6A C9 C7"
The process cscript.exe:2456 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C4 B1 48 96 32 C5 36 B1 62 00 8F 56 C9 41 FB 43"
The process cscript.exe:2452 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "40 79 B5 68 47 18 94 84 E1 15 76 42 0A FD 3B 09"
The process cscript.exe:3004 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "39 DF 33 85 77 FF 15 16 2E DE E7 91 AE C5 3D 5A"
The process cscript.exe:3000 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "33 F8 5B 3B 85 46 E3 89 D8 30 B9 AC 31 D7 0A 5E"
The process cscript.exe:2196 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AC C9 5B 7E 26 F9 2B 60 1B 16 24 2A 0B 8D 54 38"
The process cscript.exe:3900 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9E 6E 5D D7 BB 85 6B 35 7F 06 01 3D 3E 8A 47 F2"
The process cscript.exe:3164 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EC 48 10 D0 60 E8 CC 2F 40 DE 04 10 75 0C 6A F2"
The process cscript.exe:1900 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FC 07 3B 43 B3 DE 16 74 3B 92 6F 62 4A E4 FF 3E"
The process cscript.exe:2200 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "07 C7 9D 2F B4 26 D6 94 8C 7B 43 2B 07 4C 96 5F"
The process cscript.exe:2880 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "16 97 45 07 F8 58 92 A0 28 25 E9 D0 14 3F DA E3"
The process cscript.exe:3368 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "05 8B F2 E3 93 2B EF 27 17 5F 42 EE D3 05 52 32"
The process cscript.exe:1980 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "25 98 C2 91 D1 3B C2 49 8C 10 B8 EA 07 7A 3D 07"
The process cscript.exe:3364 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CE 64 CC 6B F2 BD A7 12 21 29 12 CB 42 81 F1 E4"
The process cscript.exe:2560 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9B 5B FC D9 51 F6 54 90 B6 EC 1F 1D 7C E8 D6 C4"
The process cscript.exe:3696 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DD EB 93 74 C3 15 24 C5 3D 2E 88 05 2B 18 1D C2"
The process cscript.exe:2368 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "31 DE 87 CD 3D 1A 21 02 7B AF B9 35 F7 98 71 B3"
The process cscript.exe:2684 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "00 30 AB 5E 9F 6E 64 8F 0E 37 55 3D F6 B7 51 58"
The process cscript.exe:188 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C0 D2 B2 11 2B 3E BF C2 20 44 A5 9B 54 F3 86 73"
The process cscript.exe:2680 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8F F0 E8 9B 25 2D 6D 35 A9 9B 63 80 E9 A2 F2 51"
The process cscript.exe:2428 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E7 09 C0 17 9C 29 04 BC 50 12 28 72 FF CC 61 4C"
The process cscript.exe:3600 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "52 BA 39 5D E2 A2 FB 40 F0 1B 4D 28 09 93 EE DE"
The process cscript.exe:2624 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5B B1 D6 78 5C CA C8 D4 BD D9 A5 E1 83 F4 C3 7B"
The process cscript.exe:3608 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2B 47 0C C8 8C 6E 00 09 18 FE 85 86 CC D8 57 42"
The process cscript.exe:3524 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1E 83 DC D1 D4 F9 9F AA FF 63 B2 54 A9 AE 7E F0"
The process cscript.exe:3728 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "63 00 4C 07 7F 49 68 6C E4 ED 9E BD A0 BD 05 CD"
The process cscript.exe:3724 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "88 7E 65 8E F1 A1 75 07 AF 43 F3 B1 B4 2A E6 0F"
The process cscript.exe:2188 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E4 83 CE B5 1F D7 20 2A D6 3E 5C 15 D3 27 66 5A"
The process cscript.exe:220 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6F 3C D2 A4 57 E5 D5 5A 0F 1F 40 A9 11 28 B4 E7"
The process cscript.exe:868 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DC 83 1F D4 24 3E 23 CB 4B 6A 85 08 B0 2C DF 43"
The process cscript.exe:3904 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2A FD 39 0D D2 29 D3 01 2B F9 13 AB BE 83 67 95"
The process cscript.exe:3376 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5E 65 FA 3C 88 D4 E2 0F D3 03 F4 7F D8 57 61 AA"
The process cscript.exe:3440 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "32 07 FA C5 50 08 31 28 85 0D 62 B7 43 5F C6 B7"
The process cscript.exe:3684 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0C B5 6C DD 78 7F 0F CA FA 93 AE 5A 4A 42 12 DB"
The process cscript.exe:3500 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EB 34 58 7D D4 AF 79 B0 B6 14 E0 C4 4E 91 36 ED"
The process cscript.exe:3964 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "83 0E CB F4 FD 15 9F E6 80 6C D9 80 E4 73 5D 7E"
The process cscript.exe:2108 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "ED 88 CB A5 66 60 60 5C 59 C5 10 4C 6C F2 D7 E9"
The process cscript.exe:2752 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4F 2C 7D DA 6C 64 BC 0E 83 26 D9 E6 7D 58 6B BA"
The process cscript.exe:2100 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CA 94 01 CA 8B 21 B4 1D 99 93 2C 15 54 F4 1B 13"
The process cscript.exe:1512 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "29 F2 35 D1 60 06 22 2D D9 EE 94 27 44 8D 6E 70"
The process cscript.exe:740 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "96 08 BC F0 7C B5 EC EC 0C 2F 96 C3 9F CA 0E 1B"
The process cscript.exe:1160 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4E 57 F5 94 7C D4 3B 9D EC A3 B6 57 A2 C8 52 E7"
The process cscript.exe:2436 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6D 40 59 40 61 E6 59 0C 51 71 C5 E1 81 E2 35 B9"
The process cscript.exe:3324 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6F E5 00 D0 F7 8A D1 4F 71 B8 92 9F D7 A0 82 3A"
The process cscript.exe:2632 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "54 DD 16 0C 4C 84 A0 11 6A E3 80 DD A3 3E 56 7B"
The process cscript.exe:3672 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "65 3F 4C 91 B0 F2 5B 7A 9E 35 6F 59 41 08 02 74"
The process cscript.exe:2948 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "70 0D F0 1E 9B 4E 34 0F 42 75 3E FD 75 36 91 1C"
The process cscript.exe:3736 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D2 5C B8 D7 1B C2 23 7A 6D C5 57 B9 BB F7 89 39"
The process cscript.exe:2344 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8C 11 15 81 83 E3 D8 12 9E DF B7 D3 C2 5A 56 97"
The process cscript.exe:1052 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1A 04 D0 4F FC A0 75 28 E5 9F 0F 72 1E D7 E9 47"
The process cscript.exe:1968 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "83 4C 8F 22 CF 1D 0D DF 4A E2 6C B4 48 D8 D2 1D"
The process cscript.exe:4000 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "72 38 6B 07 09 60 86 C8 E1 79 2F 30 AE BB B4 EB"
The process cscript.exe:2224 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0C 1C 27 BA E2 35 54 A0 05 92 8F 09 71 68 F4 DB"
The process cscript.exe:3436 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B6 FD 10 07 4E 07 2A 90 17 7F FE 67 88 42 55 BA"
The process cscript.exe:1568 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "97 12 73 17 B2 48 96 90 96 63 22 64 09 CA 5F 20"
The process cscript.exe:1112 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4F A7 20 20 B2 1D 38 26 FF 2D 26 5A 63 D9 D5 99"
The process cscript.exe:2500 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "91 6D FB 43 7B E8 5F 7C 37 03 A2 B4 8E 76 42 6C"
The process cscript.exe:2648 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "25 21 DE 09 78 AF 33 95 80 01 63 3B 75 DC E2 86"
The process cscript.exe:2724 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "50 B0 39 2D 7B 19 37 87 A7 E9 50 E6 8C 0A 17 B0"
The process cscript.exe:2644 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7A F2 04 A8 F7 19 20 C2 E7 DE 9B F9 A2 93 6C 95"
The process cscript.exe:1276 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3D 0F 38 53 35 AF 21 A1 CC 88 7C 1D A3 5D 78 79"
The process cscript.exe:3484 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "37 37 1B B0 27 76 7F C1 CF AD 3C 30 CD AA 91 A9"
The process cscript.exe:3352 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E4 1C 48 96 A9 22 07 B9 B3 A1 09 8A E0 35 B7 06"
The process cscript.exe:3056 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CE 74 FA C3 25 11 20 AD 50 3C 31 24 7E F3 E0 E8"
The process cscript.exe:2132 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "98 E8 05 27 C5 43 45 88 23 1A A1 8A DA 62 05 74"
The process cscript.exe:3052 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "08 70 DD 98 30 C7 30 74 C3 D8 41 BC C6 4D C7 0E"
The process cscript.exe:3780 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "12 F6 E0 B0 3A 1F EB 81 2D E1 24 DD E8 B4 BE 20"
The process cscript.exe:1040 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "09 7F FD 08 7E A3 51 C9 90 F0 25 68 63 98 61 A3"
The process cscript.exe:3540 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "79 1E BD 93 52 48 97 0F 5A 48 7C F7 56 CB 46 86"
The process cscript.exe:3380 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5D 4D 51 85 F3 2A 7D ED 7E EF A8 A4 73 B5 04 94"
The process cscript.exe:948 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "37 DE 86 E9 89 CE BD 73 88 0A F0 BE C6 C2 A9 91"
The process cscript.exe:4012 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6E 70 76 B5 D9 50 84 21 A2 82 EF 0C 83 EB B9 4C"
The process cscript.exe:3788 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B1 73 E1 03 36 B9 49 08 0D B3 70 8B 5F 23 74 48"
The process cscript.exe:804 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A0 B2 E3 D0 93 27 7C 9E A9 DE 9D BB 12 85 0D 08"
The process fGAwoYMM.exe:1864 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A9 FB 98 89 4B 3D 40 06 21 18 4E 37 65 C4 9D 6C"
To automatically run itself each time Windows is booted, the Malware adds the following link to its file to the system registry autorun key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"fGAwoYMM.exe" = "%Documents and Settings%\%current user%\dUskcAww\fGAwoYMM.exe"
The process reIEcoQI.exe:232 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CE 5B 75 54 DB 88 01 DB 99 BA 45 B0 F7 C3 A5 02"
To automatically run itself each time Windows is booted, the Malware adds the following link to its file to the system registry autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NesIMIQs.exe" = "%Documents and Settings%\All Users\hcYYccwo\NesIMIQs.exe"
The process NesIMIQs.exe:228 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3E 90 79 A8 81 C4 C1 EC BA 03 47 B3 84 A1 EE 9B"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
To automatically run itself each time Windows is booted, the Malware adds the following link to its file to the system registry autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NesIMIQs.exe" = "%Documents and Settings%\All Users\hcYYccwo\NesIMIQs.exe"
Dropped PE files
MD5 | File path |
---|---|
ea444919153b1ea3caa97c5a585f7e54 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp.exe |
d321ce3cf1145738c1ea2f52c191a5d6 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp.exe |
47e399279029e85267fd8865d0c997eb | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp.exe |
a5576bc6bc5c17ec7febcf42c3ee37ec | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp.exe |
a82e3e7d3d519a68ea02d33974d14679 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp.exe |
23c0b2ce5868abc6a21c8464e7094368 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp.exe |
cd9d76486adec521f078a85f908b6b96 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp.exe |
549558d8f62b028c73e62cdc698390e8 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp.exe |
b5ca216b77f903c52c96b5f14d4a92f2 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp.exe |
2dfc069c83d2ad472a77bef44017f149 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp.exe |
58ddac82b891e557f7fded1ca29ae1d2 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp.exe |
c8545eeccaf825010779465e6bdaffed | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp.exe |
7b6324a2214c4b8c4559befda4f7d54d | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp.exe |
1c727ef641b3387971cf19c78136d962 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp.exe |
766281aeecd3eb5b95d8a90907bd0b58 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp.exe |
303e24d8121470cc72e6978f7463af67 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp.exe |
e46718313d0f7231485bd29850de6c0c | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp.exe |
15ebc6d1d0b0faf7853104ff92b55bda | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp.exe |
4dd07f3657d600bbc0fc4e16152ad62c | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp.exe |
a4677186e2f2ba20b738f236207dcbde | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp.exe |
c4cd550b3d4a8077fe2590bc3e31c3ee | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp.exe |
7eac824a090fb1204540f344f964b1c0 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp.exe |
1f6dd2a82bbcb6a38024ff9356cb545e | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp.exe |
14710a842395b3ea6a72462406da5d35 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\adm.bmp.exe |
fd6211db908ddd3f23890fc27496ec49 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\guest.bmp.exe |
0db5bc30aa334ac4b005edf49da3a4a4 | c:\Documents and Settings\All Users\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.exe |
9cc2103e853d53bdcecab4edcc2095e7 | c:\Documents and Settings\All Users\Documents\My Music\Sample Music\New Stories (Highway Blues).wma.exe |
09cd66ef54842b89490d2213f71349cd | c:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Blue hills.jpg.exe |
710eb6adfe160454dae78af739a0feec | c:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Sunset.jpg.exe |
ff3e958c3cd1e9c569f173b47cd0d12e | c:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Water lilies.jpg.exe |
e2c95931d23e1e0afd8f3a6459a829bd | c:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Winter.jpg.exe |
cdc806c90603982a251679acfe5a4dae | c:\Documents and Settings\All Users\JuwEIgUE\reIEcoQI.exe |
91d7d06cf285617e06a449829be45e1a | c:\Documents and Settings\All Users\hcYYccwo\NesIMIQs.exe |
6d869dd8f2facc82a06749b242bb15f3 | c:\Documents and Settings\"%CurrentUserName%"\dUskcAww\fGAwoYMM.exe |
b9e20cf1e7b445756e6efb37e840997f | c:\Perl\eg\IEExamples\ie_animated.gif.exe |
9a0a8bc268cd1f5acd9a2ff00ba0177b | c:\Perl\eg\IEExamples\psbwlogo.gif.exe |
75dec60e92cbff22a143b35bbbea424a | c:\Perl\eg\aspSamples\ASbanner.gif.exe |
d74cc4573df68700df52989f2a9075b2 | c:\Perl\eg\aspSamples\Main_Banner.gif.exe |
c1cccd3653766f00c504a60322335a15 | c:\Perl\eg\aspSamples\psbwlogo.gif.exe |
12d92b5eb0a5ea18c3359599c0d7b13f | c:\Perl\html\images\AS_logo.gif.exe |
0e6e64fccc4c728cc2d91cf5d440da88 | c:\Perl\html\images\PerlCritic_run.png.exe |
c1aaa23b0c4b6bd43cc5053d1d9d9be0 | c:\Perl\html\images\aslogo.gif.exe |
41fdb494501bcf42fff58697b49f1d44 | c:\Perl\html\images\ppm_gui.png.exe |
64511caa0328596148f3609e07cfbc0b | c:\Perl\lib\ActivePerl\PPM\images\gecko.png.exe |
153121332888687b286291afa24b5780 | c:\Perl\lib\ActivePerl\PPM\images\perl_48x48.png.exe |
842324367495dea4fb51fed4956729ae | c:\Perl\lib\Devel\NYTProf\js\asc.png.exe |
e1fc57abb59cfeec789d20726078b801 | c:\Perl\lib\Devel\NYTProf\js\bg.png.exe |
53fe52b473e1a192156c73e10c1ff4f9 | c:\Perl\lib\Devel\NYTProf\js\desc.png.exe |
d761d07d163501bb9ae99ba6eafbb80b | c:\Perl\lib\Devel\NYTProf\js\jit\gradient.png.exe |
ca41537705631665e8e57d9ab5bc8d41 | c:\Perl\lib\Devel\NYTProf\js\jit\gradient20.png.exe |
c18f349d38de8e21ee5a1347d0aa3cab | c:\Perl\lib\Devel\NYTProf\js\jit\gradient30.png.exe |
acdff9b0cbc6c9485dcae828fe5f1522 | c:\Perl\lib\Devel\NYTProf\js\jit\gradient40.png.exe |
c1a4c43aa40130ad82db29326b2b7797 | c:\Perl\lib\Devel\NYTProf\js\jit\gradient50.png.exe |
8ccf76190ca5972ef70cfd0165220661 | c:\Perl\lib\Mozilla\CA\cacert.pem.exe |
31cd0309693e79fcd077f497daa4a50f | c:\totalcmd\TCMADMIN.EXE.exe |
0fb0756a7098613b186c9fc4ef5b70f1 | c:\totalcmd\TCMDX32.EXE.exe |
15085fed107eac9562235d99e3982356 | c:\totalcmd\TCUNINST.EXE.exe |
2a1a8d92232fc1d5e222b9e485788688 | c:\totalcmd\TOTALCMD.EXE.exe |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
%original file name%.exe:3076
%original file name%.exe:3928
%original file name%.exe:2184
%original file name%.exe:2656
%original file name%.exe:2840
%original file name%.exe:4024
%original file name%.exe:4092
%original file name%.exe:2320
%original file name%.exe:3552
%original file name%.exe:2484
%original file name%.exe:2480
%original file name%.exe:3792
%original file name%.exe:2120
%original file name%.exe:3852
%original file name%.exe:2400
%original file name%.exe:3996
%original file name%.exe:548
%original file name%.exe:1916
%original file name%.exe:348
%original file name%.exe:1460
%original file name%.exe:1672
%original file name%.exe:2912
%original file name%.exe:1792
%original file name%.exe:1796
%original file name%.exe:3644
%original file name%.exe:1068
%original file name%.exe:3564
%original file name%.exe:1824
%original file name%.exe:3568
%original file name%.exe:2996
%original file name%.exe:2496
%original file name%.exe:928
%original file name%.exe:2412
%original file name%.exe:2392
%original file name%.exe:828
%original file name%.exe:2256
%original file name%.exe:2796
%original file name%.exe:2252
%original file name%.exe:3772
%original file name%.exe:2900
%original file name%.exe:2472
%original file name%.exe:3628
%original file name%.exe:2772
%original file name%.exe:2776
%original file name%.exe:3140
%original file name%.exe:3272
%original file name%.exe:3148
%original file name%.exe:2308
%original file name%.exe:2540
%original file name%.exe:1716
%original file name%.exe:2980
%original file name%.exe:4048
%original file name%.exe:3388
%original file name%.exe:2176
%original file name%.exe:3160
%original file name%.exe:2076
%original file name%.exe:3580
%original file name%.exe:3956
%original file name%.exe:304
%original file name%.exe:3216
%original file name%.exe:2764
%original file name%.exe:380
%original file name%.exe:1932
%original file name%.exe:1776
%original file name%.exe:240
%original file name%.exe:388
%original file name%.exe:2836
%original file name%.exe:3508
%original file name%.exe:2276
%original file name%.exe:244
%original file name%.exe:2576
%original file name%.exe:1840
%original file name%.exe:3016
%original file name%.exe:2992
%original file name%.exe:3096
%original file name%.exe:644
%original file name%.exe:2676
%original file name%.exe:3188
%original file name%.exe:2372
%original file name%.exe:1224
%original file name%.exe:3124
%original file name%.exe:1228
%original file name%.exe:3696
%original file name%.exe:2800
%original file name%.exe:1900
%original file name%.exe:2880
%original file name%.exe:3368
%original file name%.exe:1980
%original file name%.exe:3692
%original file name%.exe:3360
%original file name%.exe:1988
%original file name%.exe:3088
%original file name%.exe:1032
%original file name%.exe:3084
%original file name%.exe:2360
%original file name%.exe:3600
%original file name%.exe:2152
%original file name%.exe:636
%original file name%.exe:2580
%original file name%.exe:2420
%original file name%.exe:464
%original file name%.exe:3892
%original file name%.exe:1596
%original file name%.exe:3520
%original file name%.exe:3288
%original file name%.exe:2188
%original file name%.exe:3280
%original file name%.exe:220
%original file name%.exe:3688
%original file name%.exe:3444
%original file name%.exe:3680
%original file name%.exe:1028
%original file name%.exe:2892
%original file name%.exe:3964
%original file name%.exe:3532
%original file name%.exe:816
%original file name%.exe:1452
%original file name%.exe:3116
%original file name%.exe:2100
%original file name%.exe:2692
%original file name%.exe:1108
%original file name%.exe:4080
%original file name%.exe:2736
%original file name%.exe:3868
%original file name%.exe:2868
%original file name%.exe:3632
%original file name%.exe:2436
%original file name%.exe:3460
%original file name%.exe:2816
%original file name%.exe:2948
%original file name%.exe:3068
%original file name%.exe:1052
%original file name%.exe:2944
%original file name%.exe:2340
%original file name%.exe:2228
%original file name%.exe:3196
%original file name%.exe:3432
%original file name%.exe:4004
%original file name%.exe:2348
%original file name%.exe:1196
%original file name%.exe:1568
%original file name%.exe:2036
%original file name%.exe:2672
%original file name%.exe:3480
%original file name%.exe:2748
%original file name%.exe:3812
%original file name%.exe:2500
%original file name%.exe:3916
%original file name%.exe:2724
%original file name%.exe:612
%original file name%.exe:1816
%original file name%.exe:1608
%original file name%.exe:3428
%original file name%.exe:3228
%original file name%.exe:1860
%original file name%.exe:1600
%original file name%.exe:940
%original file name%.exe:356
%original file name%.exe:2004
%original file name%.exe:3224
%original file name%.exe:2604
%original file name%.exe:3340
%original file name%.exe:804
cscript.exe:3920
cscript.exe:1300
cscript.exe:2848
cscript.exe:3712
cscript.exe:3228
cscript.exe:2304
cscript.exe:132
cscript.exe:2860
cscript.exe:3412
cscript.exe:3344
cscript.exe:2172
cscript.exe:3808
cscript.exe:2524
cscript.exe:1072
cscript.exe:2528
cscript.exe:344
cscript.exe:1376
cscript.exe:2244
cscript.exe:280
cscript.exe:548
cscript.exe:348
cscript.exe:3992
cscript.exe:2460
cscript.exe:1524
cscript.exe:2916
cscript.exe:3936
cscript.exe:1796
cscript.exe:1956
cscript.exe:3336
cscript.exe:3152
cscript.exe:1228
cscript.exe:3640
cscript.exe:2316
cscript.exe:2992
cscript.exe:1064
cscript.exe:2996
cscript.exe:3244
cscript.exe:2804
cscript.exe:2264
cscript.exe:2060
cscript.exe:3848
cscript.exe:2064
cscript.exe:2252
cscript.exe:2288
cscript.exe:2904
cscript.exe:3940
cscript.exe:1028
cscript.exe:2828
cscript.exe:3032
cscript.exe:3308
cscript.exe:1484
cscript.exe:3148
cscript.exe:4044
cscript.exe:2308
cscript.exe:3476
cscript.exe:3472
cscript.exe:2544
cscript.exe:2548
cscript.exe:2788
cscript.exe:1256
cscript.exe:2384
cscript.exe:368
cscript.exe:2072
cscript.exe:3108
cscript.exe:2668
cscript.exe:3844
cscript.exe:3812
cscript.exe:2280
cscript.exe:3956
cscript.exe:2764
cscript.exe:380
cscript.exe:244
cscript.exe:240
cscript.exe:3268
cscript.exe:2832
cscript.exe:3316
cscript.exe:3392
cscript.exe:2272
cscript.exe:3012
cscript.exe:3468
cscript.exe:2208
cscript.exe:644
cscript.exe:2792
cscript.exe:2376
cscript.exe:2928
cscript.exe:2596
cscript.exe:3596
cscript.exe:2592
cscript.exe:3804
cscript.exe:2456
cscript.exe:2452
cscript.exe:3004
cscript.exe:3000
cscript.exe:2196
cscript.exe:3900
cscript.exe:3164
cscript.exe:1900
cscript.exe:2200
cscript.exe:2880
cscript.exe:3368
cscript.exe:1980
cscript.exe:3364
cscript.exe:2560
cscript.exe:3696
cscript.exe:2368
cscript.exe:2684
cscript.exe:188
cscript.exe:2680
cscript.exe:2428
cscript.exe:3600
cscript.exe:2624
cscript.exe:3608
cscript.exe:3524
cscript.exe:3728
cscript.exe:3724
cscript.exe:2188
cscript.exe:220
cscript.exe:868
cscript.exe:3904
cscript.exe:3376
cscript.exe:3440
cscript.exe:3684
cscript.exe:3500
cscript.exe:3964
cscript.exe:2108
cscript.exe:2752
cscript.exe:2100
cscript.exe:1512
cscript.exe:740
cscript.exe:1160
cscript.exe:2436
cscript.exe:3324
cscript.exe:2632
cscript.exe:3672
cscript.exe:2948
cscript.exe:3736
cscript.exe:2344
cscript.exe:1052
cscript.exe:1968
cscript.exe:4000
cscript.exe:2224
cscript.exe:3436
cscript.exe:1568
cscript.exe:1112
cscript.exe:2500
cscript.exe:2648
cscript.exe:2724
cscript.exe:2644
cscript.exe:1276
cscript.exe:3484
cscript.exe:3352
cscript.exe:3056
cscript.exe:2132
cscript.exe:3052
cscript.exe:3780
cscript.exe:1040
cscript.exe:3540
cscript.exe:3380
cscript.exe:948
cscript.exe:4012
cscript.exe:3788
cscript.exe:804 - Delete the original Malware file.
- Delete or disinfect the following files created/modified by the Malware:
%Documents and Settings%\%current user%\Local Settings\Temp\AikAYYsE.bat (4 bytes)
C:\d4a55cc7b461baa492d09def48760fb6 (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\EosMskMk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZyEgAEoE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XYwgogYI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XiEscooM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fEIssgcU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\cAkkgUUE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\EegIIkAM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QCowssYQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZQcQcsMg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\iigQokYY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KeYQEIQA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xqsMAIQM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ocAAsUsQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\uiswAccA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FyowAYIU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\eKAQckoA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lsUYUoIM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\uyoEIMoU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\huwEcEoU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tQMsAcUs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fqMUsgso.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mskosYkY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DMMwAEck.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WockIEgs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PMsUEkgA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LQQkEMwU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PyoUwIEM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\wYYMYUks.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\uWwogccE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\AKkIUoYc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\vucYgcYk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QaIUcAUs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LkEsggoM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rusAscwU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bwAMEsMM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QosEYAco.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SOwIEUsE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kyUYYwoQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JKwIUoow.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nyQUoEcY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XEwcwMok.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aGoUYMEw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dIwoAwMk.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aIEUsUoo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XgkEoAAs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UIoIMMkw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\NIEUkEIA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\eOAEcIoQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\oksIgYMU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MyUQoIAQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LUYIIcQw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HYMkQgQI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BMgEYgUQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\oEkYUEEw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qCYIgMss.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\cIUoMMwM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\jWsksgII.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rUoMYAwc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DskEMwcU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FyEcwAgo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lOkkQMMo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\OOskgIEQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\hmUEwsUQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XikMAgEM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\maEEAYAc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rYggkkYk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\AisAYoYc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DmAUkMkg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\YoEIoEUo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\NSEoowcQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\AQQwMooM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FYUcQoYE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\uCYQAUgM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MwscoIgU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FyscQsgU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gGowookg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\twQEgQwc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\usQswYoI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\jIAwMYgc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\iukgEUQU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gWIQIwko.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\sIgQQwEk.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HuYYAIMU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aAUYQgcA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gIkgIoEA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\wMMoQEAA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VwsMMMoA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LmscEwQs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SOAAMwEU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\oqEocAIc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xEMIcsIQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\EaMcAQsY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WeMwscsk.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kKosksok.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\oIIkcYgU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MMcoYcMY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HyIIUMAg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KycAAEYU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\zUgMgAwQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KucAAkkA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gaAcQMIY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\quEssMww.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HOUkEEEo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IOIcQEck.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\uccUUcQU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DcMYEkIw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kgAgsEMk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\okkEMMAo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\vqEgAwYs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TiwEAwQA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZKgckogQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gassAQcw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QYgwYEgE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\jGQksQEI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QWMkAQkU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kOgMkckU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\vaUsIQko.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\OIEokAEY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\jOswgwUQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qMQEEYEc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lkcUYYEU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\EWUwYsIQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fWcQEEco.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\wKwwYkwY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\muwkMIQU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MowosgAg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nKUIYQoU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QcIwEgYs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\hiQIocMA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\zIkoEwMo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PwUYEsEI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LUEgUMsI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\hikAIoww.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\oEAoIIQg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UkMAMcwo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZoEQccQc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\vaYMQYcY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\eUQAEYEE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\NiocYYMA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rGgIoEcg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lQgkQkkU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\OgEUgsUQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\waoUYMAk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aUYIYMcY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\AcscEkgI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PMcgQQAE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aaMskYwI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\vCEIEkIA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MOMkEIsA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MCAQgAkY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LGAIkYII.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bKMsIogI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PUsYggkI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ziAggAYA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qCAgIUck.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xYYoQMgo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ykoMYoUI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RisUIwgo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dcMwcEEo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\zeAwMMEw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MIMQwQYs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\iiocMYsc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mQoMUUYk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lYccoAEI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\imAAgYIA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JOQEMAYI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DWAskUMs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PKgQYwQo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\AAIEMYkg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MMcYokEY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\EykYYwgc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\EeMkIAcE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QcYAIwUs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\NcMAUock.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\acQEowkw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\hKgEoIUM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZQgcgkkk.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UIwgokYs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fSgIokoM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\yUMEkMIY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\hSUIIQsY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nkQQMgkY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fAoIAQMg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bYUIAUMI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GqEAEEUM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WkEcYYwg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qmgoYkYI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\eOcoQssE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TSIkAsgI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XQYUAQQk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\jkEwYIQk.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rWQoAwEI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CqEcUEAM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\vgooIccw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\vsUooIoM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\iusQYcoc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TSwkQQUU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HeMwUYcA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\feIwEIcE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BkwoUkcU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VogYcwgw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\jmccUQEo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PMYIooQc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WGEgYcgA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aegogUoI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\suQYYwYI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QUkMIgcY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\NGgEEIwc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\EsgYwUQU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\iucscMwE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aEUkEMEA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\sqgkkQkg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BGAUYsgg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nCEswUkU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\zukoUEcs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\OqggowoY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SscAogYQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\AwMsEgwM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QeUEQggs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GkcEMscM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\AwcssIcs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ruMAUcsE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\wUssIscA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kuYIIUQI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\wOUgUAks.bat (112 bytes)
%Documents and Settings%\%current user%\dUskcAww\fGAwoYMM.exe (3921 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RYEAscMY.bat (4 bytes)
%Documents and Settings%\All Users\hcYYccwo\NesIMIQs.exe (3777 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xKIMEUMQ.bat (112 bytes)
%Documents and Settings%\All Users\JuwEIgUE\reIEcoQI.exe (3753 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\AsYEQcIQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CQcgMokE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ugcUIIgk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VKUAQgYU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZUMYskUw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\zCQwsIwQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SekAcgcA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JoogQMEI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\geIIMoMo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LAcAswsY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\YsMQoIYI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KsUkMUks.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\jUwkoYgI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XWgQgsEo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xeAQgQAU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bUkAUAIo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KSwQYcME.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fEQoAkYQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XwYcEwwU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SCMEwUYQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KkwYUUIw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mmUswwQM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PSgwwgAE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\eQwEkQkM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\AEMcgUcU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XwoYsUQI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\sMoAsQUY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lcYgUUsk.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mecYwwgk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IsgIgwEE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LUIUowgI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\yuoUQUwo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MgkIIUsQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rEskQEYA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\jMoMQAQM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\NEscsQsc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\zCAkIwYc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\wMEocYwo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\boQIYsUY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\hEoscAoQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HacEYgQg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VCcIAgYY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\wQoAEoQQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\NCMsAMoU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CiwcUowk.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\cSEAgEss.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xEgwMMcc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\wmoMQkwo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kMckAIEY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\doAUAoYI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kkcgUwQM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tWYkAIco.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\eMEwQkoM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WcIYgkQQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZkIIEkkU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WgYUAEoo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\cKsEUggA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VOIcIsEQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BswcogUk.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TWAIQkQU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\OQwgQYcg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RYsQkAwM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RUMEkMIU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gIkgEEwM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\sqYEYIsw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JuUUkUEk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pWQAMgIY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MOUQQUsY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GaoYUAEw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\cYAUooAc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SGkEEsEQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RQgoYwMg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\jiQkcUcQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZoAMUowU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tqMMYcsk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pAMIYYQE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aUswAQso.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QYIkswoc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tcEwUAIg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bAkMUsYY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\cawckwMs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DqsEEkss.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\zAkQQIEk.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nmwwwgoI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\wmcUEIYg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xqMcAcsw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VwQgoMcw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IeMUkcAc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\vUkkUoYM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ieUkAYsM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MwQQkAUg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mQwAEAAQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\jmscsoIY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gyUEQQAk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\NMgcQksw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aisIAAAE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JUAcIkss.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\suwUoEMw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HWosQYYI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\AAoQUIsI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pmYgMwsI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scgcYYQI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\vmoogEMM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KuowMoog.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XmAIEwsA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kUkYsIUE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rEQcAUUg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BqcAYQgM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rcAQosEI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\EggcIsww.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PysUoIwc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\maAQoIcg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dkAUggUo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GEYQgwYo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ioIwUkQg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WCkMsAwU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SQAsAscY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gEgoMoos.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\wgoMcQAc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nSEoAoww.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mMcckssw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\YIQcssYE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\OKogQIAc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SEQUsIoA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IeoEQkQc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ckIcsIAA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\YiYAsAAU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mUUQEwow.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JcAIIAsk.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RscEMcgY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lWYMAEEw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dGkswsIU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bUgQYUww.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IkkQUQow.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VosAgIgw.bat (4 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Documents\My Music\Sample Music\New Stories (Highway Blues).wma.exe (7726 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\adm.bmp.exe (2321 bytes)
C:\totalcmd\TOTALCMD.EXE.exe (30812 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\guest.bmp.exe (2321 bytes)
C:\totalcmd\TCMADMIN.EXE.exe (3073 bytes)
C:\totalcmd\TCUNINST.EXE.exe (3073 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\KAAo.txt (55978 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Blue hills.jpg.exe (3073 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Water lilies.jpg.exe (3361 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Sunset.jpg.exe (3073 bytes)
C:\totalcmd\TCMDX32.EXE.exe (3361 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Winter.jpg.exe (3361 bytes)
C:\totalcmd\TcUsbRun.exe (3073 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Adobe\Reader 9.3\Setup Files\Setup.exe (5441 bytes)
%Documents and Settings%\All Users\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.exe (7433 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp.exe (2321 bytes) - Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"fGAwoYMM.exe" = "%Documents and Settings%\%current user%\dUskcAww\fGAwoYMM.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NesIMIQs.exe" = "%Documents and Settings%\All Users\hcYYccwo\NesIMIQs.exe" - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
No information is available.
No information is available.
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.text | 4096 | 618496 | 618496 | 5.52414 | 7a741cb4fab49e737845c06ed0589f54 |
.rdata | 622592 | 4096 | 512 | 1.92687 | 10b0a061bb0523a8c1b941334d040738 |
.data | 626688 | 164 | 512 | 2.17943 | 29cd33dc07262d68c56cdf4a44da62dd |
.rsrc | 630784 | 4444 | 4608 | 3.56189 | 8ea8f9ce3e86478897c4c3c7940833b3 |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Network Activity
URLs
URL | IP |
---|---|
hxxp://google.com/ | 216.58.209.206 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET / HTTP/1.1
Host: google.com
HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Location: hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=dN66VMfSDamt8webtYDYDA
Content-Length: 262
Date: Sat, 17 Jan 2015 22:13:08 GMT
Server: GFE/2.0
Alternate-Protocol: 80:quic,p=0.02
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HEAD><BODY>.<H1>302 Moved</H1>.The document has moved.<A HREF="hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=dN66VMfSDamt8webtYDYDA">here</A>...</BODY></HTML>..HTTP/1.1 302 Found..Cache-Control: private..Content-Type: text/html; charset=UTF-8..Location: hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=dN66VMfSDamt8webtYDYDA..Content-Length: 262..Date: Sat, 17 Jan 2015 22:13:08 GMT..Server: GFE/2.0..Alternate-Protocol: 80:quic,p=0.02..<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HEAD><BODY>.<H1>302 Moved</H1>.The document has moved.<A HREF="hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=dN66VMfSDamt8webtYDYDA">here</A>...</BODY></HTML>....
GET / HTTP/1.1
Host: google.com
HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Location: hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=od66VOvbOM-AZIv8gPgB
Content-Length: 260
Date: Sat, 17 Jan 2015 22:13:53 GMT
Server: GFE/2.0
Alternate-Protocol: 80:quic,p=0.02
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HEAD><BODY>.<H1>302 Moved</H1>.The document has moved.<A HREF="hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=od66VOvbOM-AZIv8gPgB">here</A>...</BODY></HTML>..HTTP/1.1 302 Found..Cache-Control: private..Content-Type: text/html; charset=UTF-8..Location: hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=od66VOvbOM-AZIv8gPgB..Content-Length: 260..Date: Sat, 17 Jan 2015 22:13:53 GMT..Server: GFE/2.0..Alternate-Protocol: 80:quic,p=0.02..<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HEAD><BODY>.<H1>302 Moved</H1>.The document has moved.<A HREF="hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=od66VOvbOM-AZIv8gPgB">here</A>...</BODY></HTML>....
GET / HTTP/1.1
Host: google.com
HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Location: hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=NN66VIqACpGu8wfO3ILACQ
Content-Length: 262
Date: Sat, 17 Jan 2015 22:12:04 GMT
Server: GFE/2.0
Alternate-Protocol: 80:quic,p=0.02
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HEAD><BODY>.<H1>302 Moved</H1>.The document has moved.<A HREF="hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=NN66VIqACpGu8wfO3ILACQ">here</A>...</BODY></HTML>..HTTP/1.1 302 Found..Cache-Control: private..Content-Type: text/html; charset=UTF-8..Location: hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=NN66VIqACpGu8wfO3ILACQ..Content-Length: 262..Date: Sat, 17 Jan 2015 22:12:04 GMT..Server: GFE/2.0..Alternate-Protocol: 80:quic,p=0.02..<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HEAD><BODY>.<H1>302 Moved</H1>.The document has moved.<A HREF="hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=NN66VIqACpGu8wfO3ILACQ">here</A>...</BODY></HTML>....
GET / HTTP/1.1
Host: google.com
HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Location: hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=NN66VOyAE4-u8wfq44K4BA
Content-Length: 262
Date: Sat, 17 Jan 2015 22:12:04 GMT
Server: GFE/2.0
Alternate-Protocol: 80:quic,p=0.02
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HEAD><BODY>.<H1>302 Moved</H1>.The document has moved.<A HREF="hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=NN66VOyAE4-u8wfq44K4BA">here</A>...</BODY></HTML>..HTTP/1.1 302 Found..Cache-Control: private..Content-Type: text/html; charset=UTF-8..Location: hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=NN66VOyAE4-u8wfq44K4BA..Content-Length: 262..Date: Sat, 17 Jan 2015 22:12:04 GMT..Server: GFE/2.0..Alternate-Protocol: 80:quic,p=0.02..<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HEAD><BODY>.<H1>302 Moved</H1>.The document has moved.<A HREF="hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=NN66VOyAE4-u8wfq44K4BA">here</A>...</BODY></HTML>....
GET / HTTP/1.1
Host: google.com
HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Location: hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=t966VJupGaWt8wfywYBw
Content-Length: 260
Date: Sat, 17 Jan 2015 22:14:15 GMT
Server: GFE/2.0
Alternate-Protocol: 80:quic,p=0.02
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HEAD><BODY>.<H1>302 Moved</H1>.The document has moved.<A HREF="hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=t966VJupGaWt8wfywYBw">here</A>...</BODY></HTML>..HTTP/1.1 302 Found..Cache-Control: private..Content-Type: text/html; charset=UTF-8..Location: hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=t966VJupGaWt8wfywYBw..Content-Length: 260..Date: Sat, 17 Jan 2015 22:14:15 GMT..Server: GFE/2.0..Alternate-Protocol: 80:quic,p=0.02..<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HEAD><BODY>.<H1>302 Moved</H1>.The document has moved.<A HREF="hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=t966VJupGaWt8wfywYBw">here</A>...</BODY></HTML>....
Map
The Malware connects to the servers at the folowing location(s):
Strings from Dumps
fGAwoYMM.exe_1864:
.text
.text
`.rdata
`.rdata
@.data
@.data
3E.Pcq:P!V^
3E.Pcq:P!V^
#%Xkq.
#%Xkq.
.JF{
.JF{
U%Sa@
U%Sa@
('%D^q-*
('%D^q-*
?|Q%f
?|Q%f
SE?.rn~M*
SE?.rn~M*
.Dhe4
.Dhe4
E.IdJWH
E.IdJWH
%k%cn>x_
%k%cn>x_
?%uRc!
?%uRc!
%3.UGiO0
%3.UGiO0
]w.LQ
]w.LQ
I 4keyy
I 4keyy
L%C['
L%C['
7.BLP
7.BLP
;.StH
;.StH
>.Qlx #6
>.Qlx #6
Microsoft Windows
Microsoft Windows
%doi,
%doi,
P.yrBX.
P.yrBX.
PB]%C
PB]%C
%FoS(
%FoS(
F<.cs>
F<.cs>
user32.dll
user32.dll
kernel32.dll
kernel32.dll
ZwRequestPort
ZwRequestPort
ntdll.dll
ntdll.dll
fGAwoYMM.exe_1864_rwx_00401000_00069000:
3E.Pcq:P!V^
3E.Pcq:P!V^
#%Xkq.
#%Xkq.
.JF{
.JF{
U%Sa@
U%Sa@
('%D^q-*
('%D^q-*
?|Q%f
?|Q%f
SE?.rn~M*
SE?.rn~M*
.Dhe4
.Dhe4
E.IdJWH
E.IdJWH
%k%cn>x_
%k%cn>x_
?%uRc!
?%uRc!
%3.UGiO0
%3.UGiO0
]w.LQ
]w.LQ
I 4keyy
I 4keyy
L%C['
L%C['
7.BLP
7.BLP
;.StH
;.StH
>.Qlx #6
>.Qlx #6
Microsoft Windows
Microsoft Windows
%doi,
%doi,
P.yrBX.
P.yrBX.
PB]%C
PB]%C
%FoS(
%FoS(
F<.cs>
F<.cs>
fGAwoYMM.exe_1864_rwx_00900000_00068000:
3E.Pcq:P!V^
3E.Pcq:P!V^
#%Xkq.
#%Xkq.
.JF{
.JF{
U%Sa@
U%Sa@
('%D^q-*
('%D^q-*
?|Q%f
?|Q%f
SE?.rn~M*
SE?.rn~M*
.Dhe4
.Dhe4
E.IdJWH
E.IdJWH
%k%cn>x_
%k%cn>x_
?%uRc!
?%uRc!
%3.UGiO0
%3.UGiO0
]w.LQ
]w.LQ
I 4keyy
I 4keyy
L%C['
L%C['
7.BLP
7.BLP
;.StH
;.StH
>.Qlx #6
>.Qlx #6
$g.Gd
$g.Gd
P.yrBX.
P.yrBX.
PB]%C
PB]%C
%FoS(
%FoS(
F<.cs>
F<.cs>
fGAwoYMM.exe_1864_rwx_00980000_00001000:
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp
NesIMIQs.exe_228:
.text
.text
`.rdata
`.rdata
@.data
@.data
3E.Pcq:P!V^
3E.Pcq:P!V^
#%Xkq.
#%Xkq.
:4.aK1
:4.aK1
t$.qo&
t$.qo&
.CUj
.CUj
D~%UmHgb
D~%UmHgb
@udp,*q>h
@udp,*q>h
J.YU
J.YU
b%}_%X^
b%}_%X^
T.TG#x
T.TG#x
.XGs[
.XGs[
Windows Internet Explorer
Windows Internet Explorer
Windows Task Manager
Windows Task Manager
taskmgr.exetaskkill /F /IM taskmgr.exe /T
taskmgr.exetaskkill /F /IM taskmgr.exe /T
v\6DÃ
v\6DÃ
`A YÑ
`A YÑ
`@,RÃ
`@,RÃ
bV
bV
%F(^q\x
%F(^q\x
iI%fv- px
iI%fv- px
iF%fv- px
iF%fv- px
x.dJ5
x.dJ5
pA,^jUx.lG,^VGx3d_4s
pA,^jUx.lG,^VGx3d_4s
x=kAx.lG,^VGx3d_4^d]
x=kAx.lG,^VGx3d_4^d]
3%>RO%x1
3%>RO%x1
pKx.pP=
pKx.pP=
j]t^Vxx-2}xOG
j]t^Vxx-2}xOG
v[x.pQUtQ[=^IR5
v[x.pQUtQ[=^IR5
v[x.pQxO3
v[x.pQxO3
jWx.dA3s
jWx.dA3s
l]x.qJx2qWUtIV.
l]x.qJx2qWUtIV.
>R.dJ1
>R.dJ1
dWqP%u7
dWqP%u7
\Z%0X~]
\Z%0X~]
\Z%0X~
\Z%0X~
>.Qlx #6
>.Qlx #6
Vp
Microsoft Windows
.Ry g
kernel32.dll
user32.dllfGAwoYMM.exe_1864_rwx_00BC0000_00001000:
%Documents and Settings%\%current user%\dUskcAww\fGAwoYMMfGAwoYMM.exe_1864_rwx_00BD0000_00001000:
%Documents and Settings%\All Users\hcYYccwo\NesIMIQsfGAwoYMM.exe_1864_rwx_00BE0000_00001000:
%Documents and Settings%\%current user%\dUskcAww\fGAwoYMM.inffGAwoYMM.exe_1864_rwx_00BF0000_00001000:
%Documents and Settings%\All Users\hcYYccwo\NesIMIQs.inffGAwoYMM.exe_1864_rwx_00C00000_00001000:
%Documents and Settings%\%current user%\dUskcAww\fGAwoYMM.exereIEcoQI.exe_232:
.text
`.rdata
@.data
3E.Pcq:P!V^
#%Xkq.
.JF{U%Sa@('%D^q-*?|Q%fSE?.rn~M*.Dhe4E.IdJWH%k%cn>x_?%uRc!%3.UGiO0]w.LQI 4keyyL%C['7.BLP;.StH>.Qlx #62software\microsoft\windows\currentversion\runP.yrBX.PB]%C%FoS(F<.cs>ntdll.dllkernel32.dlluser32.dllfGAwoYMM.exe_1864_rwx_00C10000_00001000:%Documents and Settings%\All Users\hcYYccwo\NesIMIQs.exefGAwoYMM.exe_1864_rwx_00C40000_00001000:fGAwoYMM.exefGAwoYMM.exe_1864_rwx_00C50000_00001000:NesIMIQs.exefGAwoYMM.exe_1864_rwx_00C60000_00001000:taskkill /FI "USERNAME eq adm" /F /IM fGAwoYMM.exefGAwoYMM.exe_1864_rwx_00C70000_00001000:taskkill /FI "USERNAME eq adm" /F /IM NesIMIQs.exefGAwoYMM.exe_1864_rwx_00C80000_00001000:%Documents and Settings%\All Users\JuwEIgUE\reIEcoQI.exefGAwoYMM.exe_1864_rwx_00C90000_00001000:%Documents and Settings%\All Users\KAAo.txtfGAwoYMM.exe_1864_rwx_00CA0000_00001000:notepad.exe "%Documents and Settings%\All Users\KAAo.txt"fGAwoYMM.exe_1864_rwx_00CB0000_00001000:%Documents and Settings%\All Users\JuwEIgUENesIMIQs.exe_228_rwx_00401000_00069000:3E.Pcq:P!V^#%Xkq.:4.aK1t$.qo&.CUjD~%UmHgb@udp,*q>hJ.YUb%}_%X^T.TG#x.XGs[Windows Internet ExplorerWindows Task Managertaskmgr.exetaskkill /F /IM taskmgr.exe /Tv\6DÃ`A YÑ`@,RÃbV%F(^q\xiI%fv- pxiF%fv- pxx.dJ5pA,^jUx.lG,^VGx3d_4sx=kAx.lG,^VGx3d_4^d]3%>RO%x1pKx.pP=j]t^Vxx-2}xOGv[x.pQUtQ[=^IR5v[x.pQxO3jWx.dA3sl]x.qJx2qWUtIV.>R.dJ1dWqP%u7\Z%0X~]\Z%0X~>.Qlx #6VpMicrosoft Windows.Ry gNesIMIQs.exe_228_rwx_00900000_00068000:3E.Pcq:P!V^#%Xkq..JF{U%Sa@('%D^q-*?|Q%fSE?.rn~M*.Dhe4E.IdJWH%k%cn>x_?%uRc!%3.UGiO0]w.LQI 4keyyL%C['7.BLP;.StH>.Qlx #6$g.GdP.yrBX.PB]%C%FoS(F<.cs>NesIMIQs.exe_228_rwx_00980000_00001000:C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\TempNesIMIQs.exe_228_rwx_00BB0000_00001000:.hhr}NesIMIQs.exe_228_rwx_00BC0000_00001000:%Documents and Settings%\%current user%\dUskcAww\fGAwoYMMNesIMIQs.exe_228_rwx_00BD0000_00001000:%Documents and Settings%\All Users\hcYYccwo\NesIMIQsNesIMIQs.exe_228_rwx_00BE0000_00001000:%Documents and Settings%\%current user%\dUskcAww\fGAwoYMM.infNesIMIQs.exe_228_rwx_00BF0000_00001000:%Documents and Settings%\All Users\hcYYccwo\NesIMIQs.infNesIMIQs.exe_228_rwx_00C00000_00001000:%Documents and Settings%\%current user%\dUskcAww\fGAwoYMM.exeNesIMIQs.exe_228_rwx_00C10000_00001000:%Documents and Settings%\All Users\hcYYccwo\NesIMIQs.exeNesIMIQs.exe_228_rwx_00C40000_00001000:fGAwoYMM.exeNesIMIQs.exe_228_rwx_00C50000_00001000:NesIMIQs.exeNesIMIQs.exe_228_rwx_00C60000_00001000:taskkill /FI "USERNAME eq adm" /F /IM fGAwoYMM.exeNesIMIQs.exe_228_rwx_00C70000_00001000:taskkill /FI "USERNAME eq adm" /F /IM NesIMIQs.exeNesIMIQs.exe_228_rwx_00C80000_00001000:%Documents and Settings%\All Users\JuwEIgUE\reIEcoQI.exeNesIMIQs.exe_228_rwx_00C90000_00001000:%Documents and Settings%\All Users\KAAo.txtNesIMIQs.exe_228_rwx_00CA0000_00001000:notepad.exe "%Documents and Settings%\All Users\KAAo.txt"NesIMIQs.exe_228_rwx_00CB0000_00001000:%Documents and Settings%\All Users\JuwEIgUENesIMIQs.exe_228_rwx_01100000_02300000:ole32.dllkernel32.dlluser32.dll:yffp%u{F.ru=m.JS.Nf}c6,%U_%C& ~A;C.uc0OW%X%.C}|-uDP)].IVlG$.HER.AfWn.beV0S?Mc.YfD*.Nvdc%SbwFq.zFY((XT.''.ImiZgm-is}L-Ocv}L*7 ?.Ok//%%uF~WK.yeq.Dxl(a.Sxl).jvos}e#r\4,z\>-Z}y.HDM!.ufm3" %xH.Kx1!\:51d%dL.ULO_U6^!%X$a'e.YR_/xr'%Xo#.MXE%fO $vO"TZYòNesIMIQs.exe_228_rwx_03900000_01E00000:.text`.rdata@.data.rsrc@.relocu%Uh`QSSShQVSSht.PShT$lRSSh| "UDPQRhL$ QSShL$,QSShQSSShlVURVSShlVUt.Ph\tGHt.Ht&operand of unlimited repeat could match the empty stringPOSIX named classes are supported only within a classerroffset passed as NULLPOSIX collating elements are not supportedthis version of PCRE is not compiled with PCRE_UTF8 supportPCRE does not support \L, \l, \N{name}, \U, or \usupport for \P, \p, and \X has not been compiledthis version of PCRE is not compiled with PCRE_UCP support\N is not supported in a classinflate 1.2.5 Copyright 1995-2010 Mark AdlerPlease contact the application's support team for more information.- Attempt to initialize the CRT more than once.- CRT not initialized- floating point support not loadedoperatorGetProcessWindowStationUSER32.DLLRtlRunOnceExecuteOnceadvapi32_hack::try_hack: bad PE passedadvapi32_hack::try_hack: cannot read import tableadvapi32_hack::try_hack: cannot find section .text.dataadvapi32_hack::try_hack: cannot find section .dataadvapi32_hack::try_hack: cannot read section .textCannot read module %s, error %dCannot read exports of %s, error %dadvapi32_hack::try_hack: cannot read exports, error %d.apisetBad .apiset catalog - don`t fit in sectionString in cat item %d not in sectionValue in cat item %d not in sectionBad referred in cat item %dDouble mapped value in cat item %d not in sectionBad double referred in cat item %dBaseSrvRegisterWowExecBaseSrvGetProcessShutdownParamBaseSrvSetProcessShutdownParambasesrv.dllUnknown size of BaseServerApiDispatchTable: %dServerDll[%d] %pcsrsrv.dllCsrExecServerThreadServerDll[%d]:ApiDispatchTable: %p %sConnectRoutine: %p %sDisconnectRoutine: %p %sHardErrorRoutine: %p %sAddProcessRoutine: %p %sShutdownProcessRoutine: %p %sCannot open dir %S, error %dclean_old_drvs: error %d on deleting file %SCannot find resource %XCannot load resource %XResource %d has zero lengthCannot lock resource %XCannot unpack resource %XCannot create file %S, error %d1.2.5Decompress buffer %d bytes too smallDxDvpWaitForVideoPortSyncDxDvpUpdateVideoPortDxDvpGetVideoPortConnectInfoDxDvpGetVideoPortOutputFormatsDxDvpGetVideoPortLineDxDvpGetVideoPortInputFormatsDxDvpGetVideoPortFlipStatusDxDvpGetVideoPortFieldDxDvpGetVideoPortBandwidthDxDvpFlipVideoPortDxDvpDestroyVideoPortDxDvpCreateVideoPortDxDvpCanCreateVideoPortDxDdSetColorKeyCannot read gaDxgFuncs handlers, readed %X bytes.rdataCannot read DxgCoreInterface handlers, readed %X bytesUnknown acpi table version: %XSBP2PORT_MaskSTORMINIPORT_MaskSTORPORT_MaskTCPIP6_MaskWSOCKTRANSPORT_MaskFCPORT_MaskSOFTPCI_MaskTCPIP_MaskSCSIMINIPORT_MaskSCSIPORT_MaskUnknown KdComponentTableSize size %Xdump_kd_masks return %X bytes, error %d, ntstatus %Xdump_kd_masks return %X bytes, error %ddump_kd_masks(%s) return %X bytes, error %d, ntstatus %Xdump_kd_masks(%s) return %X bytes, error %d%-*s: %Xread_kopts_length(%s) return %X bytes, error %d, ntstatus %Xread_kopts_length(%s) return %X bytes, error %dCannot alloc %X bytesCannot realloc %X bytes for %sread_kopts(%s) return %X bytes, error %d, ntstatus %Xread_kopts(%s) return %X bytes, error %d%S (%s): %X%S (%s):dump_kopts(%s) return %X bytes, error %d, ntstatus %Xdump_kopts(%s) return %X bytes, error %dMmSupportWriteWatchKiPassiveWatchdogTimeoutViImageExecutionOptionsDbgkErrorPortStartTimeoutDbgkErrorPortCommTimeoutMmDisablePagingExecutiveCmDefaultLanguageIdDbgkpMaxModuleMsgsIoCountOperationsKeDelayExecutionThreadresolve_IoFreeIrp: bad addr of %sget_interrupt_dispatch: cannot alloc %d bytesUnknown kernel options: %SPsGetProcessWin32WindowStationKeIsExecutingDpcbad addr of KeIsExecutingDpcBad pnp handler item %d (%d)Cannot find %sks.sys: cannot get KoCreateInstanceImportContextExportContextSpChangeAccountPasswordFnCallPackagePassthrough%SystemRoot%\System32\GetServiceAccountPasswordDPAPIPasswordChangeForGMSAGetCredentialKeyINotifyPasswordChanged%s PolicyChangeNotificationCallbacksPolicyChangeNotificationCallback[%d]: %d items[%d] %p %p %p %p %slsasrv_hack::try_hack: bad PE passedlsasrv_hack::try_hack: cannot find section .datalsasrv_hack::try_hack: cannot read section .datalsasrv_hack::try_hack: bad section passedlsasrv_hack::try_hack: cannot read exports, error %dLsaICallPackagePassthroughlsasrv.dllVaultLogonSessionNotification: %p %sStart of driver %S failed !WSPJoinLeafMSAFD_WSPSendMsgMSAFD_WSPRecvMsgmswsock.dllCheckProc: cannot open process PID %d, error %d, ntstatus %XCheckProc: cannot open process PID %d, error %dthreaded_processes_checker exception occured, error %XMyWindowsChecker: len %d, kernel name %sCannot get kernel name, error %dKill process %dCheck processes in %d threadsCannot find process %dUsage: %S [options]-wmi - report about WMI entries-uem - check for Unknown Executable Memory-npo - dump RPC Named Pipes Owner-rdata - check .rdata sections too-rpc - report about RPC interfacesDeriveKeyNotifyChangeKeyEnumKeysIsAlgSupportedFreeKeyDeleteKeyFinalizeKeySetKeyPropertyCreatePersistedKeyOpenKeyOpenPrivateKeyImportKeyImportMasterKeyGetKeyPropertyGenerateSessionKeysGenerateMasterKeyExportKeyCreateEphemeralKeyComputeEapKeyBlockncrypt_hack::check_in_proc: cannot alloc %d bytesGetKeyStorageInterfaceCannot load %s (copy of %s), error %dCannot load module %s, error %dCannot read module %s import tableNdisMRegisterMiniportDriverresolve_minidrivers_list: bad addr of NdisMRegisterMiniportDriverNdisMRegisterMiniportresolve_minidrivers_list: cannot find NdisMRegisterMiniportresolve_minidrivers_list: bad addr of NdisMRegisterMiniportresolve_miniports_list: cannot find NdisIMInitializeDeviceInstanceExresolve_miniports_list: bad addr of NdisIMInitializeDeviceInstanceExOID_CO_TAPI_DONT_REPORT_DIGITSOID_CO_TAPI_REPORT_DIGITSOID_QOS_OPERATIONAL_PARAMETERSOID_TCP_TASK_IPSEC_OFFLOAD_V2_ADD_SA_EXOID_TCP_TASK_IPSEC_OFFLOAD_V2_UPDATE_SAOID_TCP_TASK_IPSEC_OFFLOAD_V2_DELETE_SAOID_TCP_TASK_IPSEC_OFFLOAD_V2_ADD_SAOID_TCP_CONNECTION_OFFLOAD_PARAMETERSOID_FFP_SUPPORTOID_TCP_CONNECTION_OFFLOAD_HARDWARE_CAPABILITIESOID_TCP_CONNECTION_OFFLOAD_CURRENT_CONFIGOID_TCP_OFFLOAD_HARDWARE_CAPABILITIESOID_TCP_OFFLOAD_PARAMETERSOID_TCP_OFFLOAD_CURRENT_CONFIGOID_TCP6_OFFLOAD_STATSOID_TCP4_OFFLOAD_STATSOID_TCP_TASK_IPSEC_DELETE_UDPESP_SAOID_TCP_TASK_IPSEC_ADD_UDPESP_SAOID_TCP_SAN_SUPPORTOID_TCP_TASK_IPSEC_DELETE_SAOID_TCP_TASK_IPSEC_ADD_SAOID_TCP_TASK_OFFLOADOID_DOT11_SUPPORTED_DSSS_CHANNEL_LISTOID_DOT11_SUPPORTED_OFDM_FREQUENCY_LISTOID_DOT11_QOS_TX_QUEUES_SUPPORTEDOID_DOT11_AP_JOIN_REQUESTOID_DOT11_HR_CCA_MODE_SUPPORTEDOID_DOT11_FREQUENCY_BANDS_SUPPORTEDOID_DOT11_SUPPORTED_DATA_RATES_VALUEOID_DOT11_SUPPORTED_RX_ANTENNAOID_DOT11_SUPPORTED_TX_ANTENNAOID_DOT11_REG_DOMAINS_SUPPORT_VALUEOID_DOT11_CCA_MODE_SUPPORTEDOID_DOT11_SUPPORTED_POWER_LEVELSOID_DOT11_DIVERSITY_SUPPORTOID_DOT11_SUPPORTED_PHY_TYPESOID_DOT11_OPERATIONAL_RATE_SETOID_DOT11_JOIN_REQUESTOID_DOT11_CURRENT_OPERATION_MODEOID_DOT11_OPERATION_MODE_CAPABILITYOID_802_11_SUPPORTED_RATESOID_802_11_NETWORK_TYPES_SUPPORTEDOID_802_11_REMOVE_KEYOID_802_11_ADD_KEYOID_IRDA_SUPPORTED_SPEEDSOID_ATM_SUPPORTED_AAL_TYPESOID_ATM_SUPPORTED_SERVICE_CATEGORYOID_ATM_SUPPORTED_VC_RATESOID_FDDI_PORT_ACTIONOID_FDDI_PORT_HARDWARE_PRESENTOID_FDDI_PORT_LER_FLAGOID_FDDI_PORT_PC_WITHHOLDOID_FDDI_PORT_PCM_STATEOID_FDDI_PORT_CONNNECT_STATEOID_FDDI_PORT_LER_ALARMOID_FDDI_PORT_LER_CUTOFFOID_FDDI_PORT_LEM_CTOID_FDDI_PORT_LEM_REJECT_CTOID_FDDI_PORT_LER_ESTIMATEOID_FDDI_PORT_LCT_FAIL_CTOID_FDDI_PORT_EB_ERROR_CTOID_FDDI_PORT_PC_LSOID_FDDI_PORT_BS_FLAGOID_FDDI_PORT_MAINT_LSOID_FDDI_PORT_INDEXOID_FDDI_PORT_CONNECTION_CAPABILITIESOID_FDDI_PORT_PMD_CLASSOID_FDDI_PORT_MAC_LOOP_TIMEOID_FDDI_PORT_AVAILABLE_PATHSOID_FDDI_PORT_MAC_PLACEMENTOID_FDDI_PORT_REQUESTED_PATHSOID_FDDI_PORT_CURRENT_PATHOID_FDDI_PORT_MAC_INDICATEDOID_FDDI_PORT_CONNECTION_POLICIESOID_FDDI_PORT_NEIGHBOR_TYPEOID_FDDI_PORT_MY_TYPEOID_FDDI_MAC_DOWNSTREAM_PORT_TYPEOID_FDDI_SMT_MSG_TIME_STAMPOID_FDDI_SMT_BYPASS_PRESENTOID_FDDI_SMT_MAC_INDEXESOID_FDDI_SMT_PORT_INDEXESOID_TCP_RSC_STATISTICSOID_SWITCH_PORT_UPDATEDOID_GEN_OPERATIONAL_STATUSOID_SWITCH_PORT_TEARDOWNOID_SWITCH_PORT_FEATURE_STATUS_QUERYOID_SWITCH_PORT_DELETEOID_SWITCH_PORT_CREATEOID_SWITCH_PORT_ARRAYOID_SWITCH_PORT_PROPERTY_ENUMOID_SWITCH_PORT_PROPERTY_DELETEOID_SWITCH_PORT_PROPERTY_UPDATEOID_SWITCH_PORT_PROPERTY_ADDOID_NIC_SWITCH_DELETE_VPORTOID_NIC_SWITCH_ENUM_VPORTSOID_NIC_SWITCH_VPORT_PARAMETERSOID_NIC_SWITCH_CREATE_VPORTOID_GEN_MINIPORT_RESTART_ATTRIBUTESOID_GEN_PORT_AUTHENTICATION_PARAMETERSOID_GEN_PORT_STATEOID_GEN_ENUMERATE_PORTSOID_GEN_TRANSPORT_HEADER_OFFSETOID_GEN_SUPPORTED_GUIDSOID_GEN_MEDIA_SUPPORTEDOID_GEN_SUPPORTED_LISTCannot read gWfpGlobal, readed %X bytesCannot read Wfp callout count, readed %X bytesCannot read Wfp callouts, readed %X bytesCannot read WFP index functions, readed %X bytesiphlpapi.dll%SystemRoot%\System32\iphlpapi.dllAllocateAndGetTcpExTableFromStackAllocateAndGetUdpExTableFromStackGetExtendedTcpTableGetExtendedUdpTableFailed to snapshot TCP endpoints, error %dFailed to snapshot UDP endpoints, error %dCannot alloc %d bytes for UDP extended tableCannot alloc %d bytes for TCP extended tablentdll_hack::try_hack: bad PE passedntdll_hack::try_hack: cannot find section .textntdll_hack::try_hack: cannot read section .textntdll_hack::try_hack: bad section passedntdll_hack::try_hack: cannot read exports, error %d%s channel hooks:ChannelHook[%d]: %p (%p - %s) %8.8X-%4.4X-%4.4X-%2.2X%2.2X-%2.2X%2.2X%2.2X%2.2X%2.2X%2.2XChannelHook[%d]: %p (%p) %8.8X-%4.4X-%4.4X-%2.2X%2.2X-%2.2X%2.2X%2.2X%2.2X%2.2X%2.2XMallocSpy: %p vtbl %p - %swebclientmsiexec32msiexectftpftp32cmd32ccmexec32ccmexecchromeoperafirefoxProcess PID %d raise dwwin PID %dCannot alloc new process PID %d %SCannot open svchost process PID %d, error %dproc_list::read: CreateToolhelp32Snapshot failed with error %dPID %d Parent PID %d service {%S} %SPID %d Parent PID %d %SPID %d Parent PID %d kind {%S} %Sread_service_exe_name(%S): cannot expand string %SExWindowStationOpenProcedureCalloutExWindowStationParseProcedureCalloutExWindowStationDeleteProcedureCalloutExWindowStationCloseProcedureCalloutExWindowStationOkToCloseProcedureCalloutread_w8_callout failed, len %d, returned %d bytes, error %d, ntstatus %Xread_w8_callout failed, len %d, returned %d bytes, error %dPsWin32CallBack: %p %p %scheck_callouts: cannot alloc %X bytes (size %d)check_callouts failed, error %d, status %Xcheck_callouts failed, error %dCallouts (%d):%s: %p %sark_check_callbacks: cannot read size of callbacks list, error %d, ntstatus %Xark_check_callbacks: cannot read size of callbacks list, error %dark_check_callbacks: cannot read %d bytes (readed %d), error %d, ntstatus %Xark_check_callbacks: cannot read %d bytes (readed %d), error %dCB: %S, total %X:%p (%s)check_shutdown_callbacks: cannot read size of callbacks list, error %d, ntstatus %Xcheck_shutdown_callbacks: cannot read size of callbacks list, error %dcheck_shutdown_callbacks: cannot read callbacks list of %s, error %d, ntstatus %Xcheck_shutdown_callbacks: cannot read callbacks list of %s, error %d%s - %d:FastIoUnlockAllByKeyMJ_CREATE_NAMED_PIPE%s!%s.%s patched by %s, addr %p%s!%s[%d] patched by %s, addr %pCannot open driver dumpfile %s, error %dCannot open kernel dumpfile %s, error %dCannot read driver %s, error %dhal.dllShadow SDT: %p, limit %Xwin32k.sysCannot relocate section %s.%sCannot alloc %X bytes for reading driver section %s.%sDriver %s!%s has %X patched bytes !.orig.kmemCannot read driver section %s.%s (flags %X) at %p size %X readed %X, error %d, ntstatus %XCannot read driver section %s.%s (flags %X) at %p size %X readed %X, error %dCannot read kernel %s, error %dntoskrnl.exeCannot alloc %X bytes for reading kernel sectionsCannot relocate section %sKernelSection %s rva %X, size %X, 0x%X relocs has 0x%X patched bytes !Cannot read (whole) section %s (flags %X) at %p size %X (readed %X), error %d\SystemRoot\system32\hal.dll\SystemRoot\system32\halapic.dll\SystemRoot\system32\halmps.dll\SystemRoot\system32\halacpi.dll\SystemRoot\system32\halaacpi.dll\SystemRoot\system32\halmacpi.dll%SystemRoot%\System32\hal.dllhalapic.dllhalmps.dllhalacpi.dllhalaacpi.dllhalmacpi.dllDriver %S DrvObj %p:DriverUnload patched by %s, addr %pDriverStartIo patched by %s, addr %pAddDevice patched by %s, addr %pHandler %s patched by %s, addr %pHandler %s patched, addr %pHandler %d patched by %s, addr %pHandler %d patched, addr %pFastIOHandler %s patched by %s, addr %pFastIOHandler %s patched, addr %pFastIOHandler %d patched by %s, addr %pFastIOHandler %d patched, addr %pFS_FILTER_CALLBACKS %s patched by %s, addr %pFS_FILTER_CALLBACKS %s patched, addr %pFS_FILTER_CALLBACKS %d patched by %s, addr %pFS_FILTER_CALLBACKS %d patched, addr %pStartIo patched by %s, addr %pread_fsmjxxx(%S): cannot make full driver nameread_fsmjxxx(%S) failed, error %d, ntstatus %Xread_fsmjxxx(%S) failed, error %dread_mjxxx(%s): cannot make full driver nameread_mjxxx(%S) failed, error %d, ntstatus %Xread_mjxxx(%S) failed, error %dCannot alloc %X bytes for driver %s EAT checkingread_driver_eat %s failed, error %d, status %Xread_driver_eat %s failed, error %dExport addr %s.%s patched by %s !Export addr %s.%s patched !Export addr %s.%d patched by %s !Export addr %s.%d patched!\hal.dll\SystemRoot\system32\drivers\ndis.sysndis.sysdrivers\ndis.sys\SystemRoot\system32\DRIVERS\tdi.systdi.sysdrivers\tdi.sys\SystemRoot\system32\DRIVERS\tcpip.systcpip.sysdrivers\tcpip.sys\SystemRoot\system32\DRIVERS\netio.sysnetio.sysdrivers\netio.sys\SystemRoot\system32\DRIVERS\fltmgr.sysfltmgr.sysdrivers\fltmgr.sys\SystemRoot\system32\DRIVERS\ks.sysks.sysdrivers\ks.sys\SystemRoot\system32\DRIVERS\dxg.sysdrivers\dxg.sys\SystemRoot\system32\DRIVERS\dxgkrnl.sysdrivers\dxgkrnl.sys\SystemRoot\system32\DRIVERS\watchdog.sysdrivers\watchdog.sys\SystemRoot\system32\DRIVERS\ksecdd.sysksecdd.sysdrivers\ksecdd.sys\SystemRoot\System32\Drivers\Ntfs.sysntfs.sys\SystemRoot\system32\CLFS.SYSCLFS.SYS\SystemRoot\system32\drivers\ataport.sysataport.sys\SystemRoot\system32\drivers\atapi.sysatapi.sys\SystemRoot\system32\drivers\peauth.syspeauth.sys\SystemRoot\system32\drivers\WDFLDR.sysWDFLDR.sys\SystemRoot\system32\drivers\usbstor.sysusbstor.sys\SystemRoot\system32\drivers\usbd.sysusbd.sys\SystemRoot\system32\drivers\USBPORT.sysUSBPORT.sys\SystemRoot\system32\drivers\usbohci.sysusbohci.sys\SystemRoot\system32\drivers\usbehci.sysusbehci.sys\SystemRoot\system32\drivers\usbhub.sysusbhub.sys\SystemRoot\system32\drivers\usbccgp.sysusbccgp.sys\SystemRoot\system32\drivers\discache.sysdiscache.sys\SystemRoot\system32\drivers\termdd.systermdd.sys\SystemRoot\system32\drivers\rdppr.sysrdppr.sys\SystemRoot\system32\drivers\mssmbios.sysmssmbios.sys\SystemRoot\system32\drivers\1394BUS.SYS1394BUS.SYS\SystemRoot\system32\drivers\BATTC.SYSBATTC.SYS\SystemRoot\system32\drivers\bthport.sysbthport.sys\SystemRoot\system32\drivers\drmk.sysdrmk.sys\SystemRoot\system32\drivers\HIDPARSE.SYSHIDPARSE.SYS\SystemRoot\system32\drivers\HIDCLASS.SYSHIDCLASS.SYS\SystemRoot\system32\drivers\msiscsi.sysmsiscsi.sys\SystemRoot\system32\drivers\PCIIDEX.SYSPCIIDEX.SYS\SystemRoot\system32\drivers\portcls.sysportcls.sys\SystemRoot\system32\drivers\smsmdm.syssmsmdm.sys\SystemRoot\system32\drivers\STREAM.SYSSTREAM.SYS\SystemRoot\system32\drivers\vga.sysvga.sys\SystemRoot\system32\drivers\VIDEOPRT.SYSVIDEOPRT.SYS\SystemRoot\system32\drivers\vmstorfl.sysvmstorfl.sys\SystemRoot\system32\drivers\Dxapi.sysDxapi.sys\SystemRoot\system32\drivers\dxgthk.sysdxgthk.sys\SystemRoot\system32\drivers\dxgmms1.sysdxgmms1.sys\SystemRoot\system32\drivers\spsys.sysspsys.sys\SystemRoot\system32\drivers\winhv.syswinhv.sys\SystemRoot\system32\drivers\HdAudio.sysHdAudio.sys\SystemRoot\System32\cdd.dllcdd.dll\SystemRoot\System32\ATMFD.DLLATMFD.DLL\SystemRoot\System32\RDPDD.dllRDPDD.dll\SystemRoot\system32\drivers\vwifibus.sysvwifibus.sys\SystemRoot\system32\drivers\nwifi.sysnwifi.sys\SystemRoot\system32\drivers\vwififlt.sysvwififlt.sys\SystemRoot\system32\drivers\wfplwf.syswfplwf.sys\SystemRoot\system32\drivers\wfplwfs.syswfplwfs.sys\SystemRoot\system32\drivers\tmtdi.systmtdi.sys\SystemRoot\system32\drivers\netvsc60.sysnetvsc60.sys\SystemRoot\system32\drivers\mslldp.sysmslldp.sys\SystemRoot\system32\drivers\netvsc63.sysnetvsc63.sys\SystemRoot\system32\drivers\ndiscap.sysndiscap.sys\SystemRoot\system32\drivers\agilevpn.sysagilevpn.sys\SystemRoot\system32\drivers\asyncmac.sysasyncmac.sys\SystemRoot\system32\drivers\mpsdrv.sysmpsdrv.sys\SystemRoot\system32\drivers\rspndr.sysrspndr.sys\SystemRoot\system32\drivers\ndisuio.sysndisuio.sys\SystemRoot\system32\drivers\lltdio.syslltdio.sys\SystemRoot\system32\drivers\NDProxy.sysNDProxy.sys\SystemRoot\system32\drivers\raspppoe.sysraspppoe.sys\SystemRoot\system32\drivers\ndiswan.sysndiswan.sys\SystemRoot\system32\drivers\wanarp.syswanarp.sys\SystemRoot\system32\drivers\bthpan.sysbthpan.sys\SystemRoot\system32\drivers\rassstp.sysrassstp.sys\SystemRoot\system32\drivers\raspptp.sysraspptp.sys\SystemRoot\system32\drivers\rasl2tp.sysrasl2tp.sys\SystemRoot\system32\drivers\rasacd.sysrasacd.sys\SystemRoot\system32\drivers\tunnel.systunnel.sys\SystemRoot\system32\drivers\tunmp.systunmp.sys\SystemRoot\system32\drivers\pacer.syspacer.sys\SystemRoot\system32\drivers\NDISTAPI.SYSNDISTAPI.SYS\SystemRoot\system32\drivers\msgpc.sysmsgpc.sys\SystemRoot\system32\drivers\partmgr.syspartmgr.sys\SystemRoot\system32\drivers\volmgr.sysvolmgr.sys\SystemRoot\system32\drivers\volmgrx.sysvolmgrx.sys\SystemRoot\system32\drivers\mountmgr.sysmountmgr.sys\SystemRoot\system32\drivers\iaStor.sysiaStor.sys\SystemRoot\system32\drivers\volsnap.sysvolsnap.sys\SystemRoot\system32\drivers\ACPI.sysacpi.sys\SystemRoot\System32\Drivers\WppRecorder.sysWppRecorder.sys\SystemRoot\System32\Drivers\Mouclass.sysMouclass.sys\SystemRoot\System32\Drivers\kbdclass.syskbdclass.sys\SystemRoot\System32\Drivers\Fastfat.SYSFastfat.sys\SystemRoot\System32\Drivers\bowser.sysbowser.sys\SystemRoot\System32\Drivers\rdbss.sysrdbss.sys\SystemRoot\System32\Drivers\msfs.sysmsfs.sys\SystemRoot\System32\Drivers\NetBIOS.sysNetBIOS.sys\SystemRoot\System32\Drivers\mup.sysmup.sys\SystemRoot\System32\Drivers\dfs.sysdfs.sys\SystemRoot\System32\Drivers\dfsc.sysdfsc.sys\SystemRoot\System32\Drivers\npfs.SYSnpfs.sys\SystemRoot\System32\Drivers\luafv.SYSluafv.sys\SystemRoot\System32\Drivers\MRxSmb.SYSMRxSmb.sys\SystemRoot\System32\Drivers\MRxSmb10.SYSMRxSmb10.sys\SystemRoot\System32\Drivers\MRxSmb20.SYSMRxSmb20.sys\SystemRoot\System32\Drivers\MRxDAV.SYSMRxDAV.sys\SystemRoot\system32\Drivers\fltmgr.sys\SystemRoot\system32\Drivers\TDI.SYS\SystemRoot\system32\Drivers\tdx.sys\SystemRoot\system32\Drivers\ipfltdrv.sys\SystemRoot\system32\Drivers\tcpip.sys\SystemRoot\System32\drivers\afd.sysafd.sys\SystemRoot\System32\drivers\netbt.sys\SystemRoot\System32\drivers\NETIO.sys\SystemRoot\System32\drivers\srv.syssrv.sys\SystemRoot\System32\drivers\srv2.syssrv2.sys\SystemRoot\System32\drivers\srvnet.sys\SystemRoot\System32\drivers\sr.syssr.sys\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\http.syshttp.sys\SystemRoot\System32\drivers\fwpkclnt.sys\SystemRoot\system32\DRIVERS\msrpc.sysmsrpc.sys\SystemRoot\system32\DRIVERS\disk.sysdisk.sys\SystemRoot\system32\DRIVERS\ftdisk.sysftdisk.sys\SystemRoot\system32\DRIVERS\Storport.SYSStorport.SYS\SystemRoot\system32\DRIVERS\CLASSPNP.SYSCLASSPNP.SYS\SystemRoot\system32\Drivers\ks.sys\SystemRoot\System32\Drivers\ksecdd.sysksecdd.SYS\SystemRoot\system32\kdcom.dllkdcom.dll\SystemRoot\System32\Drivers\cng.syscng.sys\SystemRoot\system32\PSHED.dllPSHED.dll\SystemRoot\system32\CI.dllCI.dll\SystemRoot\system32\DRIVERS\WMILIB.SYSwmilib.sysCannot find %s for IAT resolving of %sCannot alloc %X bytes for drivers IAT checkingCannot find %s import %s.%sCannot find %s import %s.%dIAT %s %s.%s patched, addr %pIAT %s %s.%d patched, addr %pIAT %s %s.%s patched by %s, addr %pIAT %s %s.%d patched by %s, addr %p%s has %d patched IAT entries (total %d)reading of IAT %s failed, readed %X, actual IAT size %X, error %dcheck_exts count failed, error %d, ntstatus %Xcheck_exts count failed, error %dcheck_exts: cannot alloc %X bytescheck_exts failed, error %d, ntstatus %Xcheck_exts failed, error %dExt[%X]:Handler1: %p %sHandler2: %p %sHandler3: %p %sTable: %X items %p %sItem[%X]: %p %sIRP_MJ_CREATE_NAMED_PIPEUnknown fltmgr: FrameList %X FilterSize %X cbn %XUnknown fltmgr: FrameList %X FilterSize %XFltMgr: index %dFRAME[%d] %p%s: %pNormalizeNameComponent: %p %sNormalizeContextCleanup: %p %sPreOperation: %p %sPostOperation: %p %scheck_ks: cannot read size of ks list, error %d, ntstatus %Xcheck_ks: cannot read size of ks list, error %dks count: %Xcheck_ks: cannot alloc %X bytescheck_ks: cannot read ks list, error %d, ntstatus %Xcheck_ks: cannot read ks list, error %dks[%d] %8.8X-%4.4X-%4.4X-%2.2X%2.2X-%2.2X%2.2X%2.2X%2.2X%2.2X%2.2XChangeAccountPasswordImportSecurityContextExportSecurityContextgKsecpBCryptExtension: %p %sgKsecpSslExtension: %p %sSecTable.%s patched %p %sdxg.sysdxgkrnl.sysWin32kCallout: %p %sSessionStartCallout: %p %sKTIMER %p DPC %p DefRoutine %p %sCannot find KPRCB.DpcRoutineActiveUnknown KPRCB: DpcRoutineActive %X WorkerRoutine %XUnknown KPRCB: DpcRoutineActive %XProcessor %d:KTIMERS[%d]: %XPatched %s %X by %sPatched ord.%d %X by %sPatched %s %XPatched ord.%d %XPatched %s by %sPatched ord.%d by %sPatched %sPatched ord.%dException %X occured during EAT checking of %scheck_module_iat(%s) - cannot find exports for %scheck_module_iat(%s): zeroed ImportLookUp, cannot check importCannot find ordinal %X in module %s (%s) in import table of %sCannot find symbol %s in module %s (%s) in import table of %s(%s) %s.%s hooked in %s: my IAT %p, must be %p(%s) %s.%d hooked in %s: my IAT %p, must be %papfn %s patched by %s, addr %papfn[%d] patched by %s, addr %papfn %s patched, addr %papfn[%d] patched, addr %p%s%s!%s patched by %s, addr %p%s%s![%d] patched by %s, addr %p%s%s!%s patched, addr %p%s%s![%d] patched, addr %pLSA SP %s has %d patched functions in SECPKG_FUNCTION_TABLE:PID %d: LSA SP %s has %d patched functions in SECPKG_USER_FUNCTION_TABLE:PID %d: LSA SP %s has %d patched functions in CallPackageDispatch:ole32 hooked by %sCannot relocate section %s!%sException %X occured on checking %s!%sModule %s!%s has %X patched bytes !Exception %X occured on check_module_iat(%s)MyModule: %p %s%SystemRoot%\System32\ncrypt.dll%SystemRoot%\System32\ntdsa.dll%SystemRoot%\System32\kernelbase.dll%SystemRoot%\System32\kernel32.dll%SystemRoot%\System32\user32.dll%SystemRoot%\System32\umpnpmgr.dll%SystemRoot%\System32\combase.dll%SystemRoot%\System32\ole32.dll%SystemRoot%\System32\imm32.dll%SystemRoot%\System32\rpcrt4.dll%SystemRoot%\System32\mswsock.dll%SystemRoot%\System32\advapi32.dll%SystemRoot%\System32\cryptbase.dll%SystemRoot%\System32\apisetschema.dllread_ndis_oid_handlers failed, returned %d bytes, error %d, ntstatus %Xread_ndis_oid_handlers failed, returned %d bytes, error %d[%X] %s: post %p %s[%X] %s: pre %p %s[%X] %s: pre %p (%s) post %p (%s)[%X] %X: post %p %s[%X] %X: pre %p %s[%X] %X: pre %p (%s) post %p (%s)read_tcp_off_handlers failed, returned %d bytes, error %d, ntstatus %Xread_tcp_off_handlers failed, returned %d bytes, error %dTcpOfflineHandlers:TcpOffloadEventIndicate: %p %sTcpOffloadReceiveIndicate: %p %sTcpOffloadSendComplete: %p %sTcpOffloadReceiveComplete: %p %sTcpOffloadDisconnectComplete: %p %sTcpOffloadForwardComplete: %p %sCannot alloc %X bytes from reading filter blockread_ndis_filter_block: len %d, returned %d bytes, error %d, ntstatus %Xread_ndis_filter_block: len %d, returned %d bytes, error %dcheck_ndis - reading of TDI callback failed, error %d, ntstatus %Xcheck_ndis - reading of TDI callback failed, error %dcheck_ndis - reading of TDI PnP handler failed, error %d, ntstatus %Xcheck_ndis - reading of TDI PnP handler failed, error %dTDI callback %p patched by %sTDI PnP handler %p patched by %scheck_ndis - reading of providers count failed, error %d, ntstatus %Xcheck_ndis - reading of providers count failed, error %dcheck_ndis: %d providerscheck_ndis: cannot alloc %X bytesCannot store provider_block %p (%d)check_ndis: stored %d provider_blockscheck_ndis - reading of interfaces count failed, error %d, ntstatus %Xcheck_ndis - reading of interfaces count failed, error %dcheck_ndis: %d interfaces, size of miniport %XInterface[%d]:check_ndis - reading of protocols count failed, error %d, ntstatus %Xcheck_ndis - reading of protocols count failed, error %dcheck_ndis: %d protocols, size of protocol %Xcheck_ndis: stored %d protocolscheck_ndis - reading of minidrivers count failed, error %d, ntstatus %Xcheck_ndis - reading of minidrivers count failed, error %dcheck_ndis: %d minidrivers, size of minidriver %X, sizeof(ndis50) %X, sizeof(ndis52) %XCannot store minidriver %d (%p)Stored %d mini-driverscheck_ndis - reading of miniports count failed, error %d, ntstatus %Xcheck_ndis - reading of miniports count failed, error %dcheck_ndis: %d miniports, size of miniport %Xcheck_ndis: read %d miniports, total %XMiniport[%d] %p:check_ndis: stored %d miniports, sizeof(miniport_block_w7) %Xcheck_ndis - reading of open_blocks count failed, error %d, ntstatus %Xcheck_ndis - reading of open_blocks count failed, error %dcheck_ndis: %d open_blocks, size of open_block %Xcheck_ndis: read %d open_blocks, total %XOpen_Block[%d]:Cannot store open_block %p (%d)check_ndis: stored %d open_blockscheck_ndis - reading of filter_drivers count failed, error %d, ntstatus %Xcheck_ndis - reading of filter_drivers count failed, error %dcheck_ndis: %d filter_drivers, size of open_block %Xcheck_ndis: read %d filter_drivers, total %XFilterDriver[%d]:check_ndis: stored %d filter_drivers, %d filter_blocksPassiveread_punicode_string failed, len %d, returned %d bytes, error %d, ntstatus %Xread_punicode_string failed, len %d, returned %d bytes, error %dCannot read NDIS_MINIPORT_INTERRUPT %pNDIS_MINIPORT_INTERRUPT:MiniportIsr: %p %sMiniportDpc: %p %sCannot read NDIS_MINIPORT_INTERRUPT_CHARACTERISTICS %pNDIS_MINIPORT_INTERRUPT_CHARACTERISTICS:InterruptHandler: %p %sInterruptDpcHandler: %p %sDisableInterruptHandler: %p %sEnableInterruptHandler: %p %sMessageInterruptHandler: %p %sMessageInterruptDpcHandler: %p %sDisableMessageInterruptHandler: %p %sEnableMessageInterruptHandler: %p %sMiniportIsr: %p %sMiniportDpc: %p %sMiniportMessageIsr: %p %sMiniportMessageInterruptDpc: %p %sMiniportIsr: %p %sMiniportDpc: %p %sMiniportEnableInterrupt: %p %sMiniportDisableInterrupt: %p %sMiniportMessageIsr: %p %sMiniportMessageInterruptDpc: %p %sMiniportDisableMessageInterrupt: %p %sMiniportEnableMessageInterrupt: %p %sNDIS Protocol[%d]: %SMajorNdisVersion %dMinorNdisVersion %dFlags %XOpenAdapterCompleteHandler: %p %sCloseAdapterCompleteHandler: %p %sSendCompleteHandler: %p %sTransferDataCompleteHandler: %p %sResetCompleteHandler: %p %sRequestCompleteHandler: %p %sReceiveHandler: %p %sReceiveCompleteHandler: %p %sStatusHandler: %p %sStatusCompleteHandler: %p %sReceivePacketHandler: %p %sBindAdapterHandler: %p %sUnbindAdapterHandler: %p %sPnPEventHandler: %p %sUnloadHandler: %p %sCoSendCompleteHandler: %p %sCoStatusHandler: %p %sCoReceivePacketHandler: %p %sCoAfRegisterNotifyHandler: %p %sMajorNdisVersion %dMinorNdisVersion %dMajorDriverVersion %dMinorDriverVersion %dFlags %XIsIPv4 %dIsIPv6 %dIsNdisTest6 %dBindAdapterHandlerEx: %p %sUnbindAdapterHandlerEx: %p %sOpenAdapterCompleteHandlerEx: %p %sCloseAdapterCompleteHandlerEx: %p %sPnPEventHandler: %p %sUnloadHandler: %p %sUninstallHandler: %p %sRequestCompleteHandler: %p %sStatusHandler: %p %sStatusCompleteHandler: %p %sReceiveNetBufferListsHandler: %p %sSendNetBufferListsCompleteHandler: %p %sCoStatusHandler: %p %sCoAfRegisterNotifyHandler: %p %sCoReceiveNetBufferListsHandler: %p %sCoSendNetBufferListsCompleteHandler: %p %sOpenAdapterCompleteHandler: %p %sCloseAdapterCompleteHandler: %p %sSendCompleteHandler: %p %sTransferDataCompleteHandler: %p %sResetCompleteHandler: %p %sReceiveHandler: %p %sReceiveCompleteHandler: %p %sReceivePacketHandler: %p %sBindAdapterHandler: %p %sUnbindAdapterHandler: %p %sCoSendCompleteHandler: %p %sCoReceivePacketHandler: %p %sOidRequestCompleteHandler: %p %sInitiateOffloadCompleteHandler: %p %sTerminateOffloadCompleteHandler: %p %sUpdateOffloadCompleteHandler: %p %sInvalidateOffloadCompleteHandler: %p %sQueryOffloadCompleteHandler: %p %sIndicateOffloadEventHandler: %p %sTcpOffloadSendCompleteHandler: %p %sTcpOffloadReceiveCompleteHandler: %p %sTcpOffloadDisconnectCompleteHandler: %p %sTcpOffloadForwardCompleteHandler: %p %sTcpOffloadEventHandler: %p %sTcpOffloadReceiveIndicateHandler: %p %sUnknown NDIS Type %X and Size %XDirectOidRequestCompleteHandler: %p %sAllocateSharedMemoryHandler: %p %sFreeSharedMemoryHandler: %p %sUnknown ndis protocol size: %XNDIS MiniDriver[%d] %pMajorNdisVersion: %dMinorNdisVersion: %dCheckForHangHandler: %p %sDisableInterruptHandler: %p %sEnableInterruptHandler: %p %sHaltHandler %p %sHandleInterruptHandler: %p %sInitializeHandler: %p %sISRHandler: %p %sQueryInformationHandler: %p %sReconfigureHandler: %p %sResetHandler: %p %sSendHandler: %p %sSetInformationHandler: %p %sTransferDataHandler: %p %sReturnPacketHandler: %p %sSendPacketsHandler: %p %sAllocateCompleteHandler: %p %sCoCreateVcHandler: %p %sCoDeleteVcHandler: %p %sCoActivateVcHandler: %p %sCoDeactivateVcHandler: %p %sCoSendPacketsHandler: %p %sCoRequestHandler: %p %sCheckForHangHandler: %p %sDisableInterruptHandler: %p %sEnableInterruptHandler: %p %sHaltHandler %p %sHandleInterruptHandler: %p %sInitializeHandler: %p %sISRHandler: %p %sQueryInformationHandler: %p %sReconfigureHandler: %p %sResetHandler: %p %sSendHandler: %p %sSetInformationHandler: %p %sTransferDataHandler: %p %sReturnPacketHandler: %p %sSendPacketsHandler: %p %sAllocateCompleteHandler: %p %sCoCreateVcHandler: %p %sCoDeleteVcHandler: %p %sCoActivateVcHandler: %p %sCoDeactivateVcHandler: %p %sCoSendPacketsHandler: %p %sCoRequestHandler: %p %sCancelSendPacketsHandler: %p %sPnPEventNotifyHandler: %p %sAdapterShutdownHandler: %p %sCheckForHangHandler: %p %sDisableInterruptHandler: %p %sEnableInterruptHandler: %p %sHaltHandler %p %sHandleInterruptHandler: %p %sInitializeHandler: %p %sISRHandler: %p %sQueryInformationHandler: %p %sReconfigureHandler: %p %sResetHandler: %p %sSendHandler: %p %sSetInformationHandler: %p %sTransferDataHandler: %p %sReturnPacketHandler: %p %sSendPacketsHandler: %p %sAllocateCompleteHandler: %p %sCoCreateVcHandler: %p %sCoDeleteVcHandler: %p %sCoActivateVcHandler: %p %sCoDeactivateVcHandler: %p %sCoSendPacketsHandler: %p %sCoRequestHandler: %p %sCancelSendPacketsHandler: %p %sPnPEventNotifyHandler: %p %sAdapterShutdownHandler: %p %sISRHandlerEx: %p %sHandleInterruptHandlerEx: %p %sInitiateOffloadHandler: %p %sTerminateOffloadHandler: %p %sUpdateOffloadHandler: %p %sInvalidateOffloadHandler: %p %sQueryOffloadHandler: %p %sTcpOffloadSendHandler: %p %sTcpOffloadReceiveHandler: %p %sTcpOffloadDisconnectHandler: %p %sTcpOffloadForwardHandler: %p %sTcpOffloadReceiveReturnHandler: %p %sReturnPacketsHandlerEx: %p %sRequestTimeoutDpcHandler: %p %sMajorNdisVersion: %dMinorNdisVersion: %dMajorDriverVersion: %dMinorDriverVersion: %dFlags: %XSetOptionsHandler: %p %sInitializeHandlerEx: %p %sHaltHandlerEx: %p %sUnloadHandler: %p %sPauseHandler: %p %sRestartHandler: %p %sOidRequestHandler: %p %sSendNetBufferListsHandler: %p %sReturnNetBufferListsHandler: %p %sCancelSendHandler: %p %sCheckForHangHandlerEx: %p %sResetHandlerEx: %p %sDevicePnPEventNotifyHandler: %p %sShutdownHandlerEx: %p %sCancelOidRequestHandler: %p %sDirectOidRequestHandler: %p %sCancelDirectOidRequestHandler: %p %sNDIS MiniPort[%d] %pState: %sMediaType: %sAdapterType: %sDefaultSendAuthorizationState: %sDefaultRcvAuthorizationState: %sDefaultPortSendAuthorizationState: %sDefaultPortRcvAuthorizationState: %sNextCancelSendNetBufferListsHandler: %p %sPacketIndicateHandler: %p %sSendCompleteHandler: %p %sSendResourcesHandler: %p %sResetCompleteHandler: %p %sDisableInterruptHandler: %p %sEnableInterruptHandler: %p %sSendPacketsHandler: %p %sDeferredSendHandler: %p %sEthRxIndicateHandler: %p %sNextSendNetBufferListsHandler: %p %sEthRxCompleteHandler: %p %sSavedNextSendNetBufferListsHandler: %p %sStatusHandler: %p %sStatusCompleteHandler: %p %sTDCompleteHandler: %p %sQueryCompleteHandler: %p %sSetCompleteHandler: %p %sWanSendCompleteHandler: %p %sWanRcvHandler: %p %sWanRcvCompleteHandler: %p %sSendNetBufferListsCompleteHandler: %p %sWSendPacketsHandler: %p %sNextSendPacketsHandler: %p %sFinalSendPacketsHandler: %p %sTopIndicateNetBufferListsHandler: %p %sTopIndicateLoopbackNetBufferListsHandler: %p %sNdis5PacketIndicateHandler: %p %sMiniportReturnPacketHandler: %p %sSynchronousReturnPacketHandler: %p %sTopNdis5PacketIndicateHandler: %p %sAllocateSharedMemoryHandler: %p %sFreeSharedMemoryHandler: %p %sSetBusData: %p %sGetBusData: %p %sNoFilter.CancelSendHandler %p %sNoFilter.SendNetBufferListsCompleteHandler %p %sNoFilter.IndicateNetBufferListsHandler %p %sNoFilter.SaveIndicateNetBufferListsHandler %p %sNoFilter.ReturnNetBufferListsHandler %p %sNoFilter.SendNetBufferListsHandler %p %sNext.CancelSendHandler %p %sNext.SendNetBufferListsCompleteHandler %p %sNext.IndicateNetBufferListsHandler %p %sNext.SaveIndicateNetBufferListsHandler %p %sNext.ReturnNetBufferListsHandler %p %sNext.SendNetBufferListsHandler %p %sName: %SBaseName: %SSymbolicLinkName: %SNextCancelSendNetBufferListsHandler %p %sTrRxIndicateHandler: %p %sTrRxCompleteHandler: %p %sIndicateNetBufferListsHandler: %p %sNextReturnNetBufferLists: %p %sSavedIndicateNetBufferListsHandler: %p %sSavedPacketIndicateHandler: %p %sShutdownHandler: %p %sNDIS MiniPort[%d] %SBusType: %sPacketIndicateHandler: %p %sSendCompleteHandler: %p %sSendResourcesHandler: %p %sResetCompleteHandler: %p %sDeferredSendHandler: %p %sEthRxIndicateHandler: %p %sTrRxIndicateHandler: %p %sFddiRxIndicateHandler: %p %sEthRxCompleteHandler: %p %sTrRxCompleteHandler: %p %sFddiRxCompleteHandler: %p %sStatusHandler: %p %sStatusCompleteHandler: %p %sTDCompleteHandler: %p %sQueryCompleteHandler: %p %sSetCompleteHandler: %p %sWanSendCompleteHandler: %p %sWanRcvHandler: %p %sWanRcvCompleteHandler: %p %sAdapterInstanceName: %SOpenBlock [%d] %pRootName: %SBindName: %SProtocolMajorVersion: %XNextSendHandler: %p %sNextReturnNetBufferListsHandler: %p %sSendHandler: %p %sTransferDataHandler: %p %sWanReceiveHandler: %p %sSendPacketsHandler: %p %sResetHandler: %p %sRequestHandler: %p %sOidRequestHandler: %p %sWSendHandler: %p %sWTransferDataHandler: %p %sWSendPacketsHandler: %p %sCancelSendPacketsHandler: %p %sProtSendNetBufferListsComplete: %p %sNextSendNetBufferListsComplete: %p %sReceiveNetBufferLists: %p %sSavedSendNBLHandler: %p %sSavedSendPacketsHandler: %p %sSavedCancelSendPacketsHandler: %p %sSavedSendHandler: %p %sNdis5WanSendHandler: %p %sProtSendCompleteHandler: %p %sOidRequestCompleteHandler %p %sOpenFlags: %XDirectOidRequestHandler: %p %sRootName: %SBindName: %SFlags: %XSendHandler: %p %sWanSendHandler: %p %sTransferDataHandler: %p %sWanReceiveHandler: %p %sSendPacketsHandler: %p %sResetHandler: %p %sRequestHandler: %p %sWSendHandler: %p %sWTransferDataHandler: %p %sWSendPacketsHandler: %p %sCancelSendPacketsHandler: %p %sFlags %XMtu %XPromiscuousMode %dAccessType %sDirectionType %sConnectionType %sMediaType %sMediaConnectState %sAdminStatus %sOperStatus %sInterfaceGuid %sNetworkGuid %sifIndex %XifDescr %SifAlias %SFilterDriverCharacteristics[%d]:FriendlyName: %SUniqueName: %SServiceName: %SSetOptionsHandler: %p %sSetFilterModuleOptionsHandler: %p %sAttachHandler: %p %sDetachHandler: %p %sRestartHandler: %p %sPauseHandler: %p %sSendNetBufferListsHandler: %p %sSendNetBufferListsCompleteHandler: %p %sCancelSendNetBufferListsHandler: %p %sReceiveNetBufferListsHandler: %p %sReturnNetBufferListsHandler: %p %sOidRequestHandler: %p %sOidRequestCompleteHandler: %p %sCancelOidRequestHandler: %p %sDevicePnPEventNotifyHandler: %p %sNetPnPEventHandler: %p %sStatusHandler: %p %sDirectOidRequestHandler: %p %sDirectOidRequestCompleteHandler: %p %sCancelDirectOidRequestHandler: %p %sInterfaceGuid: %sFilterState: %sNextSendNetBufferListsHandler: %p %sNextSendNetBufferListsCompleteHandler: %p %sNextIndicateReceiveNetBufferListsHandler: %p %sNextReturnNetBufferListsHandler: %p %sNextCancelSendNetBufferListsHandler: %p %sSetFilterModuleOptionalHandlers: %p %sOidRequestHandler: %p %sOidRequestCompleteHandler: %p %sCancelRequestHandler: %p %sDevicePnPEventNotifyHandler: %p %sNetPnPEventHandler: %p %sStatusHandler: %p %sFilterSendNetBufferListsHandler: %p %sFilterIndicateReceiveNetBufferListsHandler: %p %sFilterCancelSendNetBufferListsHandler: %p %sInitiateOffloadCompleteHandler: %p %sTerminateOffloadCompleteHandler: %p %sUpdateOffloadCompleteHandler: %p %sInvalidateOffloadCompleteHandler: %p %sQueryOffloadCompleteHandler: %p %sIndicateOffloadEventHandler: %p %sTcpOffloadSendCompleteHandler: %p %sTcpOffloadReceiveCompleteHandler: %p %sTcpOffloadDisconnectCompleteHandler: %p %sTcpOffloadForwardCompleteHandler: %p %sTcpOffloadEventHandler: %p %sTcpOffloadReceiveIndicateHandler: %p %sInitiateOffloadHandler: %p %sTerminateOffloadHandler: %p %sUpdateOffloadHandler: %p %sInvalidateOffloadHandler: %p %sQueryOffloadHandler: %p %sTcpOffloadReceiveReturnHandler: %p %sDirectOidRequestHandler: %p %sDirectOidRequestCompleteHandler: %p %sCancelDirectOidRequestHandler: %p %sTcpOffloadSendHandler: %p %sTcpOffloadReceiveHandler: %p %sTcpOffloadDisconnectHandler: %p %sTcpOffloadForwardHandler: %p %sProvider[%d]: %pQueryObjectHandler: %p %sSetObjectHandler: %p %sFilterDriverBlock[%d]InitiateOffloadHandler: %p %sTerminateOffloadHandler: %p %sUpdateOffloadHandler: %p %sInvalidateOffloadHandler: %p %sQueryOffloadHandler: %p %sTcpOffloadReceiveReturnHandler: %p %sTcpOffloadSendHandler: %p %sTcpOffloadReceiveHandler: %p %sTcpOffloadDisconnectHandler: %p %sTcpOffloadForwardHandler: %p %sClCreateVcHandler: %p %sClDeleteVcHandler: %p %sClOidRequestHandler: %p %sClOidRequestCompleteHandler: %p %sClOpenAfCompleteHandlerEx: %p %sClCloseAfCompleteHandler: %p %sClRegisterSapCompleteHandler: %p %sClDeregisterSapCompleteHandler: %p %sClMakeCallCompleteHandler: %p %sClModifyCallQoSCompleteHandler: %p %sClCloseCallCompleteHandler: %p %sClAddPartyCompleteHandler: %p %sClDropPartyCompleteHandler: %p %sClIncomingCallHandler: %p %sClIncomingCallQoSChangeHandler: %p %sClIncomingCloseCallHandler: %p %sClIncomingDropPartyHandler: %p %sClCallConnectedHandler: %p %sClNotifyCloseAfHandler: %p %sCmCreateVcHandler: %p %sCmDeleteVcHandler: %p %sCmOpenAfHandler: %p %sCmCloseAfHandler: %p %sCmRegisterSapHandler: %p %sCmDeregisterSapHandler: %p %sCmMakeCallHandler: %p %sCmCloseCallHandler: %p %sCmIncomingCallCompleteHandler: %p %sCmAddPartyHandler: %p %sCmDropPartyHandler: %p %sCmActivateVcCompleteHandler: %p %sCmDeactivateVcCompleteHandler: %p %sCmModifyCallQoSHandler: %p %sCmOidRequestHandler: %p %sCmOidRequestCompleteHandler: %p %sCmNotifyCloseAfCompleteHandler: %p %sDriverVersion: %XCoCreateVcHandler: %p %sCoDeleteVcHandler: %p %sCoActivateVcHandler: %p %sCoDeactivateVcHandler: %p %sCoSendNetBufferListsHandler: %p %sCoRequestHandler: %p %sCoOidRequestHandler: %p %sInitiateOffloadHandler: %p %sTerminateOffloadHandler: %p %sUpdateOffloadHandler: %p %sInvalidateOffloadHandler: %p %sQueryOffloadHandler: %p %sTcpOffloadSendHandler: %p %sTcpOffloadReceiveHandler: %p %sTcpOffloadDisconnectHandler: %p %sTcpOffloadForwardHandler: %p %sTcpOffloadReceiveReturnHandler: %p %sAddDeviceHandler: %p %sRemoveDeviceHandler: %p %sFilterResourceRequirementsHandler: %p %sStartDeviceHandler: %p %sServiceName: %SCoCreateVcHandler: %p %sCoDeleteVcHandler: %p %sCoActivateVcHandler: %p %sCoDeactivateVcHandler: %p %sCoSendNetBufferListsHandler: %p %sCoRequestHandler: %p %sCoOidRequestHandler: %p %sInitiateOffloadHandler: %p %sTerminateOffloadHandler: %p %sUpdateOffloadHandler: %p %sInvalidateOffloadHandler: %p %sQueryOffloadHandler: %p %sTcpOffloadSendHandler: %p %sTcpOffloadReceiveHandler: %p %sTcpOffloadDisconnectHandler: %p %sTcpOffloadForwardHandler: %p %sTcpOffloadReceiveReturnHandler: %p %sAddDeviceHandler: %p %sRemoveDeviceHandler: %p %sFilterResourceRequirementsHandler: %p %sStartDeviceHandler: %p %sOpenNDKAdapterHandler: %p %sCloseNDKAdapterHandler: %p %sIdleNotificationHandler: %p %sCancelIdleNotificationHandler: %p %sAllocateNetBufferListForwardingContextHandler: %p %sFreeNetBufferListForwardingContextHandler: %p %sAddNetBufferListDestinationHandler: %p %sSetNetBufferListSourceHandler: %p %sGrowNetBufferListDestinationsHandler: %p %sGetNetBufferListDestinationsHandler: %p %sUpdateNetBufferListDestinationsHandler: %p %sCopyNetBufferListInfoHandler: %p %sReferenceSwitchNicHandler: %p %sDereferenceSwitchNicHandler: %p %sReferenceSwitchPortHandler: %p %sDereferenceSwitchPortHandler: %p %sReportFilteredNetBufferListsHandler: %p %sImageName: %SSetNetBufferListSwitchContextHandler: %p %sGetNetBufferListSwitchContextHandler: %p %snetio legacy handler %p %sread netio legacy handler failed, error %d, status %Xread netio legacy handler failed, error %d%p %sread netio WfpNblInfoDispTable failed, error %d, status %Xread netio WfpNblInfoDispTable failed, error %dnetio MacShim %p %sWfpShim[%d] %p %sUnknown WFP callout size %dWFP callout[%d]:ClassifyCallback: %p %sNotifyCallback: %p %suFlowDeleteFunction: %p %sException %X on sysptr seed reading at %pDecode system scheme - %sDecode scheme - %sCannot read my process cookie, error %XTrace[%d] %8.8X-%4.4X-%4.4X-%2.2X%2.2X-%2.2X%2.2X%2.2X%2.2X%2.2X%2.2X (%p) %sTrace[%d] %8.8X-%4.4X-%4.4X-%2.2X%2.2X-%2.2X%2.2X%2.2X%2.2X%2.2X%2.2X %pSystemFunction%3.3d (%p) %sPFNCLIENT.%s patched by %s (%p)PFNCLIENT.%s patched %pcheck_user32_pfnclient: exception %X occuredPFNCLIENTWORKER.%s patched by %s (%p)PFNCLIENTWORKER.%s patched %pConsoleCtrlHandler[%d]: %s (%p)ConsoleCtrlHandler[%d]: %p UNKNOWNConsoleCtrlHandler: %s (%p)UnhandledExceptionFilter: %s (%p)ShimModule: %s (%p)RtlpStartThreadFunc: %s (%p)RtlpExitThreadFunc: %s (%p)RtlpUnhandledExceptionFilter: %s (%p)RtlSecureMemoryCacheCallback: %s (%p)TppLogpRoutine: %s (%p)CsrServerApiRoutine: %s (%p)LdrpManifestProberRoutine: %s (%p)LdrpCreateActCtxLanguage: %s (%p)LdrpReleaseActCtx: %s (%p)LdrpAppCompatDllRedirectionCallbackFunction: %s (%p)%s%s!%s patched by %s (addr %p)%s%s.%d patched by %s (addr %p)%s%s.%d patched, addr %pPID %d trace callbacks: %dTrace[%d] %8.8X-%4.4X-%4.4X-%2.2X%2.2X-%2.2X%2.2X%2.2X%2.2X%2.2X%2.2X %p %sProcess PID %d has the same token as system process: %p !!!Process PID %d token: %p%p %s %8X%p %s %8XCheckProc: cannot get modules list for PID %d (%S), error %d, ntstatus %XCheckProc: cannot get modules list for PID %d (%S), error %dCheckProcess PID %d (%S):PEB.PostProcessInitRoutine: %p %sPEB.PostProcessInitRoutine: %p UNKNOWNPEB.pShimData: %pPEB.AppCompat: %pPEB.FastPebLockRoutine: %p %sPEB.FastPebLockRoutine: %p UNKNOWNPEB.FastPebUnlockRoutine: %p %sPEB.FastPebUnlockRoutine: %p UNKNOWNModule: %s at %pCannot read %s, PID %d, error %dPID %d: LSA SP %s has %d patched functions in SECPKG_FUNCTION_TABLE:PID %d: ncrypt has %d patched functionsPID %d: mswsock has %d patched functions in SockProcTablePID %d: mswsock has %d patched functions in NspVectorPID %d: mswsock has %d patched MSAFD functionsSHAREDINFO.aheList: %pPID %d: ntdsa has %d patched functionsPID %d - ole32 hooked by %sPID %d - ole32 hooked by unknown module, addr %pPID %d: rpcrt4 has %d patched functionsPID %d: basesrv has %d patched user functionsPID %d: winsrv has %d patched user functionsPID %d: winsrv has %d patched cons functionsPID %d: lsasrv has %d patched functionsPID %d: lsasrv has %d patched functions in LsapSspiExtensionPID %d: lsasrv has %d patched functions in LsapLookupExtensionPID %d: lsasrv has %d patched functions in LsapLsasrvIfTableCannot alloc %X bytes for EAT checking of %s, PID %dCannot read EAT of %s, PID %dCannot alloc %X bytes for checking section %s of %s, PID %dCannot read section %s content %X bytes of %s, PID %dCannot make section %s of %s, PID %dModule %s section %s has %X patched bytes, PID %dPID %d: user32 has %d patched imm32 functionsPID %d: advapi32 has %d patched functionsPID %d: kernel32 has %d patched functionsShimHandler[%d]: %p %sShimHandler[%d]: %p UNKNOWN, located at %pApplicationRecoveryCallback: %s (%p)%s, PID %d:Cannot alloc %X bytes for IAT checking of %s, PID %dCannot read IAT (size %X at %p) of %s, PID %dCannot find function %s.%s for module %s process %dCannot find function %s.%d for module %s process %dIAT Patched %s.%s in module %s process %d by %sIAT Patched %s.%s in module %s process %d, addr %pIAT Patched %s.%d in module %s process %d by %sIAT Patched %s.%d in module %s process %dCannot alloc %X bytes for delayed IAT checking of %s, PID %dCannot read delayed IAT (size %X at %p) of %s, PID %dCannot find delayed function %s.%s for module %s process %dCannot find delayed function %s.%d for module %s process %dLdrpDllNotificationList: %d%p %sRead %d QueuedWorkerItems:[%d] %p %scheck_drivers_reinit: cannot read size of list, error %d, status %Xcheck_drivers_reinit: cannot read size of list, error %dcheck_drivers_reinit: cannot alloc %X bytescheck_drivers_reinit: cannot read list, error %d, ntstatus %Xcheck_drivers_reinit: cannot read list, error %d[%d] Drv %p %s routine %p %sread_shutdown_notificators: cannot read size of %s, error %d, status %Xread_shutdown_notificators: cannot read size of %s, error %dread_shutdown_notificators: cannot alloc %X bytesread_shutdown_notificators: cannot read %s, error %d, ntstatus %Xread_shutdown_notificators: cannot read %s, error %d[%d] DevObj %p Drv %p (addr %p) %s[%d] DevObj %p Drv %p %sMailSlot: %S, server %d (%S)MailSlot: %S, server %dNamedPipe: %S, server %d (%S)NamedPipe: %S, server %dFlags: %X, server %d (%S)Flags: %X, creator %d, server %dFlags: %X, server %dEndpoints: %dEndpoint %S PID %d (%S):Endpoint %S:RPC controls: %d%S: %S%8.8X-%4.4X-%4.4X-%2.2X%2.2X-%2.2X%2.2X%2.2X%2.2X%2.2X%2.2X version %d.%dCannot load kernel %sUnknown scheduler: ReadySummary %X DispatcherReadyListHead %XUnknown scheduler: ReadySummary %X DeferredReadyListHead %XUnknown scheduler: ReadySummary %XReaded %d threads, total %dThread %p ProcID %X ThreadID %X Win32Thread %p %sThread %p ProcID %X ThreadID %X Priority %d Win32Thread %pThread %p ProcID %X ThreadID %X %sThread %p ProcID %X ThreadID %X Priority %dreading count of threads on processor %d failed, error %X%d threadsreading of threads on processor %d failed, error %XScheduler index %dreading count of threads failed, error %Xreading of threads failed, error %XCannot find ETHREAD.ServiceTableUnknown version of ETHREAD, offset %XCannot alloc %X bytes for ProcessesAndThreadsInformationCannot realloc %X bytes for ProcessesAndThreadsInformationProcessesAndThreadsInformation failed, error %Xread_sdt for threadID %X failed, error %d, status %Xread_sdt for threadID %X failed, error %dProcessID %X (%S) ThreadID %X SDT %p %sProcessID %X ThreadID %X SDT %p %sread_thread_token for threadID %X failed, error %d, status %Xread_thread_token for threadID %X failed, error %dProcessID %X (%S) ThreadID %X token %p ImpersonationLevel %dProcessID %X ThreadID %X token %p ImpersonationLevel %dCannot detect ETHREAD.StartAddressUnknown kernel %s, StartAddress %X, IrpList %X, StackLimit %X, StackBase %XUnknown kernel %s, StartAddress %X, StackLimit %X, StackBase %XUnknown kernel %s, StartAddress %X, IrpList %XUnknown kernel %s, StartAddress %XCannot read count of system threads, ntstatus %XCannot alloc %d bytesCannot read system threads, ntstatus %X%d System ThreadsThread %p Start %p %c stack %p limit %p %sread IPSec status failed, error %d, status %Xread IPSec status failed, error %dIPSec status %XIPSecHandler: %p %sIPSecQueryStatus: %p %sIPSecSendCmplt: %p %sIPSecNdisStatus: %p %sIPSecRcvFWPacket: %p %scheck_tdi_pnp_clnts: cannot read size of clnts list, error %d, ntstatus %Xcheck_tdi_pnp_clnts: cannot read size of clnts list, error %dcheck_tdi_pnp_clnts: cannot alloc %X bytescheck_tdi_pnp_clnts: cannot read clnts list, error %d, ntstatus %Xcheck_tdi_pnp_clnts: cannot read clnts list, error %dTDI PnP clients: %d (readed %d)[%d]: version %X %SPnPPowerHandler: %p %sBindHandler: %p %sUnBindHandler: %p %sAddAddressHandler: %p %sDelAddressHandler: %p %sMicrosoft-Windows-Windows Firewall With Advanced SecurityMicrosoft-Windows-Kernel-BootMicrosoft-Windows-EQoSMicrosoft-Windows-XWizardsASP.NET EventsMicrosoft-Windows-UIRibbonMicrosoft-Windows-WPD-CompositeClassDriverMicrosoft-Windows-Wired-AutoConfigMicrosoft-Windows-PrintServiceMicrosoft-Windows-ApplicationExperience-LookupServiceTriggerMicrosoft-Windows-IDCRLMicrosoft-Windows-MPS-DRVMicrosoft-Windows-P2P-MeshMicrosoft-Windows-TabletPC-MathRecognizerMicrosoft-Windows-Spell-CheckingMicrosoft-Windows-FaxMicrosoft-Windows-GroupPolicyMicrosoft-Windows-CrashdumpMicrosoft-Windows-PrintSpoolerMicrosoft-Windows-LanguagePackSetupMicrosoft-Windows-OneXMicrosoft-Windows-OfflineFiles-CscApiMicrosoft-Windows-ADSIMicrosoft-Windows-Dhcp-ClientMicrosoft-Windows-CertificateServicesClient-AutoEnrollmentMicrosoft-Windows-NlaSvcMicrosoft-Windows-Diagnosis-MSDEMicrosoft-Windows-SpoolerWin32SPLMicrosoft-Windows-SPB-ClassExtensionMicrosoft-Windows-Kernel-MemoryMicrosoft-Windows-Application Server-ApplicationsMicrosoft-Windows-MUIMicrosoft-Windows-P2P-CollabMicrosoft-Windows-Security-NetlogonMicrosoft-Windows-SQM-EventsMicrosoft-Windows-USB-USBPORTMicrosoft-Windows-SendToMicrosoft-Windows-AITMicrosoft-Windows-P2P-CRPPrintFilterPipelineSvc_ObjectsGuidMicrosoft-Windows-IME-JPPREDMicrosoft-Windows-WMPMicrosoft-Windows-Eqos-SQM-ProviderMSDADIAG.ETWMicrosoft-Windows-Processor-AggregatorMicrosoft-Windows-ErrorReportingConsoleMicrosoft-Windows-SmartCard-TPM-VCard-ModuleMicrosoft-Windows-User Profiles ServiceMicrosoft-Windows-Crypto-CNGMicrosoft-Windows-LinkLayerDiscoveryProtocolMicrosoft-Windows-TaskbarCPLMicrosoft-Windows-Networking-CorrelationMicrosoft-Windows-RestartManagerMicrosoft-Windows-WMPDMCCoreMicrosoft-Windows-TCPIPMicrosoft-Windows-MSDTCMicrosoft-Windows-Resources-MrmBcMicrosoft-Windows-Time-ServiceMicrosoft-Windows-HomeGroup-ProviderServiceMicrosoft-Windows-DriverFrameworks-UserModeMicrosoft-Windows-Runtime-NetworkingMicrosoft-Windows-Network-Connection-BrokerMicrosoft-Windows-Shell-AppWizCplMicrosoft-Windows-PDCMicrosoft-Windows-BiometricsMicrosoft-Windows-IME-SCDICCOMPILERMicrosoft-Windows-WininitMicrosoft-Windows-Dwm-DwmMicrosoft-Windows-Photo-Image-CodecMicrosoft-Windows-TaskSchedulerMicrosoft-Windows-oskMicrosoft-Windows-Kernel-PowerTriggerMicrosoft-Windows-EventLog-WMIProviderMicrosoft-Windows-IME-OEDCompilerMicrosoft-Windows-WER-SystemErrorReportingMicrosoft-Windows-DeplorchMicrosoft-Windows-SPB-HIDI2CMicrosoft-Windows-UxThemeMicrosoft-Windows-BfeTriggerProviderMicrosoft-Windows-Media-StreamingMicrosoft-Windows-Remotefs-UTProviderMicrosoft-Windows-Ntfs-SQMMicrosoft-Windows-User-PnPMicrosoft-Windows-AltTabMicrosoft-Windows-Kernel-StoreMgrMicrosoft-Windows-WindowsColorSystemMicrosoft-Windows-RemoteDesktopServices-RemoteFX-VM-User-Mode-TransportMicrosoft-Windows-MSMPEG2ADECMicrosoft-Windows-TerminalServices-PnPDevicesMicrosoft-Windows-GettingStartedMicrosoft-Windows-NarratorWindows Wininit TraceMicrosoft-Windows-FileHistory-UIMicrosoft-Windows-MediaFoundation-PlayAPIMicrosoft-Windows-CertificateServicesClient-Lifecycle-SystemMicrosoft-Windows-BitLocker-Driver-PerformanceMicrosoft-Windows-PerfProcMicrosoft-Windows-Resource-Leak-DiagnosticMicrosoft-Windows-WebServicesMicrosoft-Windows-FileHistory-ServiceMicrosoft-Windows-MediaEngineMicrosoft-Windows-StartupRepairMicrosoft-Windows-Security-IdentityStoreMicrosoft-Windows-IME-SCSettingMicrosoft-Windows-FileHistory-EventListenerMicrosoft-Windows-Program-Compatibility-AssistantMicrosoft-Windows-DesktopActivityModeratorMicrosoft-Windows-MemoryDiagnostics-ScheduleMicrosoft-Windows-FileHistory-EngineMicrosoft-Windows-PerfDiskMicrosoft-Windows-OOBE-Machine-CoreMicrosoft-Windows-WLAN-AutoConfigMicrosoft-Windows-FileHistory-ConfigManagerMicrosoft-Windows-Search-ProfileNotifyMicrosoft-Windows-PerfCtrsUMPass Driver TraceMicrosoft-Windows-FileHistory-CatalogMicrosoft-Windows-WlanDlgMicrosoft-Windows-CDROMMicrosoft-Windows-Crypto-NCryptCertificate Services Client CredentialRoaming TraceMicrosoft-Windows-CredUIWindows Firewall ServiceMicrosoft-Windows-FileHistory-CoreMicrosoft-Windows-Direct3D11Microsoft-Windows-DirectoryServices-DeploymentMicrosoft-Windows-All-User-Install-AgentMicrosoft-Windows-Kernel-Licensing-StartServiceTriggerMicrosoft-Windows-ServerManager-ManagementProviderMicrosoft-Windows-Diagnosis-ScriptedDiagnosticsProviderMicrosoft-Windows-IIS-W3SVC-WPMicrosoft-Windows-TerminalServices-MediaRedirection-DShowMicrosoft-Windows-Rdms-UIMicrosoft-Windows-Feedback-Service-TriggerProviderMicrosoft-Windows-EventlogMicrosoft-Windows-CodeIntegrityMicrosoft-Windows-WPDClassInstallerMicrosoft-Windows-NetworkAccessProtectionMicrosoft-Windows-UIAutomationCoreMicrosoft-Windows-StartLmhostsMicrosoft-Windows-IME-BrokerMicrosoft-Windows-Kernel-ProcessMicrosoft-Windows-CertificateServicesClientMicrosoft-Windows-AppXDeploymentMicrosoft-Windows-Shell-CoreMicrosoft-Windows-Anytime-UpgradeMicrosoft-Windows-PCIMicrosoft-Windows-WPD-MTPBTMicrosoft-Windows-CertificationAuthorityClient-CertCliMicrosoft-Windows-Srv2Microsoft-Windows-TunnelDriver-SQM-ProviderMicrosoft-Windows-Security-Licensing-SLCMicrosoft-Windows-ATAPortMicrosoft-Windows-RecoveryMicrosoft-Windows-GenericRoamingMicrosoft-Windows-Sdbus-SQMMicrosoft-Windows-DirectCompositionMicrosoft-Windows-P2PIMSvcMicrosoft-Windows-WCN-Config-RegistrarMicrosoft-Windows-WPD-APIMicrosoft-Windows-P2P-PNRPMicrosoft-Windows-DeviceUxWindows Mobile Performance HooksMicrosoft-Windows-ProcessStateManagerWindows Connect NowMicrosoft-Windows-Networking-RealTimeCommunicationMicrosoft-Windows-EventSystemMicrosoft-Windows-SpaceportWindows Mobile Remote APIMicrosoft-Windows-Dhcp-Nap-Enforcement-ClientMicrosoft-Windows-WinNatWindows Mobile AirSync Engine 2Microsoft-Windows-WCN-Config-Registrar-SecureWindows Mobile AirSync Engine 1Microsoft-Windows-Security-KerberosWindows Mobile ActiveSync EngineMicrosoft-Windows-WSC-SRVMicrosoft-Windows-Eventlog-ForwardPluginWindows Mobile Serial ConnectivityMicrosoft-Windows-TerminalServices-SessionBroker-ClientMicrosoft-Windows-WMPNSS-PublicAPIWindows Mobile Desktop PassthroughMicrosoft-Windows-RPC-EventsMicrosoft-Windows-LanguageProfileMicrosoft-Windows-Anytime-Upgrade-EventsMicrosoft-Windows-Management-UIMicrosoft-Windows-SMBClientMicrosoft-Windows-TerminalServices-RdpSoundDriverMicrosoft-Windows-Dwm-ApiMicrosoft-Windows-QoS-qWAVEMicrosoft-Windows-Kernel-Tm-TriggerMicrosoft-Windows-IPNATMicrosoft-Windows-NetworkBridgeMicrosoft-Windows-MPS-CLNTMicrosoft-Windows-Diagnosis-ScheduledMicrosoft-Windows-WMPNSS-ServiceMicrosoft-Windows-DxpTaskRingtoneMicrosoft-Windows-Kernel-AppCompatMicrosoft-Windows-TimeBrokerMicrosoft-Windows-DeviceConfidenceMicrosoft-Windows-Shell-ShwebsvcMicrosoft-Windows-Diagnostics-PerformanceWindows NetworkMap TraceMicrosoft-Windows-TerminalServices-PrintersMicrosoft-Windows-AppLockerMicrosoft-Windows-AudioMicrosoft-Windows-LLTD-MapperIOMicrosoft-Windows-HotspotAuthMicrosoft-Windows-Firewall-CPLMicrosoft-Windows-Kernel-IoTraceMicrosoft-Windows-PerflibMicrosoft-Windows-BootUXMicrosoft-Windows-WMPDMCUIMicrosoft-Windows-DiskMicrosoft-Windows-IME-JPLMPMicrosoft-Windows-Security-SPP-UX-NotificationsMicrosoft-Windows-TerminalServices-ClientActiveXCoreMicrosoft-Windows-IIS-IISResetMicrosoft-Windows-WindowsUIImmersiveWindows Firewall Control PanelMicrosoft-Windows-DeviceSetupManagerMicrosoft-Windows-EnrollmentPolicyWebServiceMicrosoft-Windows-IME-RoamingMicrosoft-Windows-SetupQueueMicrosoft-Windows-SmartCard-AuditMicrosoft-Windows-ServicingMicrosoft-Windows-ACL-UIMicrosoft-Windows-WWAN-CFEMicrosoft-Windows-FCRegSvcMicrosoft-Windows-IIS-IisMetabaseAuditMicrosoft-Windows-Kernel-WDIMicrosoft-Windows-TabletPC-MathInputMicrosoft-Windows-Kernel-GeneralWindows Media Player TraceMicrosoft-Windows-DxpTaskDLNAMicrosoft-Windows-User Profiles GeneralMicrosoft-Windows-Kernel-WSService-StartServiceTriggerMicrosoft-Windows-WebAuthMicrosoft-Windows-API-TracingMicrosoft-Windows-FunctionDiscoveryMicrosoft-Windows-StickyNotesMicrosoft-Windows-WCN-WscEapPeer-TraceMicrosoft-Windows-QoS-WMI-DiagMicrosoft-Windows-NetworkProvisioningMicrosoft-Windows-Network-DataUsageMicrosoft-Windows-AppSruProvMicrosoft-Windows-WebcamExperienceMicrosoft-Windows-EaseOfAccessMicrosoft-Windows-Spellchecking-HostMicrosoft-Windows-IME-CandidateUIMicrosoft-Windows-TPM-WMIMicrosoft-Windows-Security-SPPMicrosoft-Windows-DirectShow-KernelSupportMicrosoft-Windows-Diagnosis-AdvancedTaskManagerMicrosoft-Windows-ThemeCPLWindows Mobile Co-installerMicrosoft-Windows-MPRMSGMicrosoft-Windows-EnhancedStorage-EhStorCertDrvMicrosoft-Windows-NdisImPlatformEventProviderMicrosoft-Windows-FunctionDiscoveryHostMicrosoft-Windows-MediaFoundation-MSVideoDSPMicrosoft-Windows-IME-JPTIPWindows Kernel TraceMicrosoft-SQLServerDataToolsMicrosoft-Windows-ASN1Microsoft-Windows-Crypto-BCryptMicrosoft-Windows-HealthCenterCPLMicrosoft-Windows-XAMLMicrosoft-Windows-PDFReaderMicrosoft-Windows-TerminalServices-ServerUSBDevicesMicrosoft-Windows-WWAN-SVC-EVENTSMicrosoft-Windows-Search-ProtocolHandlersMicrosoft-Windows-IdCtrlsMicrosoft-Windows-User-ControlPanelMicrosoft-Windows-Runtime-MediaMicrosoft-Windows-CAPI2Windows Mobile Sync HandlersMicrosoft-Windows-PowerCfgMicrosoft-Windows-SrumTelemetryMicrosoft-Windows-Base-Filtering-Engine-ConnectionsMicrosoft-Windows-SidebarMicrosoft-Windows-NDF-HelperClassDiscoveryMicrosoft-Windows-PerfNetMicrosoft-Windows-PortableDeviceStatusProviderMicrosoft-Windows-TabletPC-Platform-ManipulationsMicrosoft-Windows-Subsys-SMSSMicrosoft-Windows-LDAP-ClientMicrosoft-Windows-Security-SPP-UX-GCMicrosoft-Windows-Media Center ExtenderMicrosoft-Windows-DiskDiagnosticMicrosoft-Windows-TSF-msutbMicrosoft-Windows-Reliability-Analysis-Agent{B6501BA0-C61A-C4E6-6FA2-A4E7F8C8E7A0}Microsoft-Windows-Kernel-Processor-PowerMicrosoft-Windows-NCSIMicrosoft-Windows-NetworkConnectivityStatusMicrosoft-Windows-wmvdecodMicrosoft-Windows-ServiceTriggerPerfEventProviderMicrosoft-Windows-Service Pack InstallerMicrosoft-Windows-Bluetooth-HidGattMicrosoft-Windows-TabletPC-Platform-Input-NinputMicrosoft-Windows-Tcpip-SQM-ProviderMicrosoft-Windows-MPS-SRVMicrosoft-Windows-KnownFoldersMicrosoft-Windows-NAPIPSecEnfMicrosoft-Windows-EnrollmentWebServiceMicrosoft-Windows-Deduplication-ChangeMicrosoft-Windows-OfflineFiles-CscFastSyncMicrosoft-Windows-UxInitMicrosoft-Windows-BranchCacheClientEventProviderMicrosoft-Windows-ForwardingMicrosoft-Windows-RPC-Proxy-LBSMicrosoft-Windows-Kernel-DiskMicrosoft-Windows-TriggerEmulatorProviderMicrosoft-Windows-SystemHealthAgentMicrosoft-Windows-Memory-Diagnostic-Task-HandlerMicrosoft-Windows-Winsock-WS2HELPMicrosoft-Windows-ThemeUIMicrosoft-Windows-TerminalServices-MediaRedirectionMicrosoft-Windows-TerminalServices-ClientUSBDevicesMicrosoft-Windows-TabletPC-CoreInkRecognitionMicrosoft-Windows-COMMicrosoft-Windows-PnPMgrTriggerProviderMicrosoft-Windows-LoadPerfMicrosoft-Windows-System-RestoreMicrosoft-Windows-UserAccountControlMicrosoft-Windows-Services-SvchostMicrosoft-Windows-PushNotifications-DeveloperMicrosoft-Windows-LiveIdMicrosoft-Windows-Security-SPP-UXMicrosoft-Windows-VANMicrosoft-Windows-FirstUX-PerfInstrumentationMicrosoft-Windows-Kernel-TmMicrosoft-Windows-Kernel-ShimEngineMicrosoft-Windows-EapHostMicrosoft-Windows-CertPolEngMicrosoft-Windows-MsLbfoEventProviderMicrosoft-Windows-ComplusMicrosoft-Windows-EFSMicrosoft-Windows-WwaHostMicrosoft-Windows-ServerManagerMicrosoft-Windows-ComDlg32Microsoft-Windows-MP4SDECDMicrosoft-Windows-PeopleNearMeMicrosoft-Windows-SmartCard-Bluetooth-ProfileMicrosoft-Windows-TZUtilMicrosoft-Windows-ApplicationExperience-SwitchBackMicrosoft-Windows-UI-Input-InkingMicrosoft-Windows-VDRVROOTWindows Firewall NetShell PluginWindows Firewall APIMicrosoft-Windows-Kernel-AcpiMicrosoft-Windows-WinRMMicrosoft-Windows-Direct3D10_1Microsoft-Windows-Kernel-LicensingSqmMicrosoft-Windows-SpoolerSpoolssMicrosoft-Windows-FilterManagerMicrosoft-Windows-ActionQueueMicrosoft-Windows-IME-KRAPIMicrosoft-Windows-Resource-Exhaustion-DetectorMicrosoft-Windows-ApplicationExperienceInfrastructureMicrosoft-Windows-StorSqmMicrosoft-Windows-SearchMicrosoft-Windows-HttpEventMicrosoft-Windows-AxInstallServiceMicrosoft-Windows-Diagnosis-PerfHostMicrosoft-Windows-InternationalMicrosoft-Windows-CertificateServicesClient-CredentialRoamingMicrosoft-Windows-SoftwareRestrictionPoliciesMicrosoft-Windows-Windows DefenderMicrosoft-Windows-ShareMedia-ControlPanelMicrosoft-Windows-CertificateServicesClient-Lifecycle-UserMicrosoft-Windows-WPD-MTPUSMicrosoft-Windows-DirectWriteMicrosoft-Windows-RPCSSMicrosoft-Windows-DeviceSyncMicrosoft-Windows-NcdAutoSetupMicrosoft-Windows-Diagnosis-PCWMicrosoft-Windows-DistributedCOMATA Port Driver Tracing ProviderMicrosoft-Windows-WebdavClient-LookupServiceTriggerMicrosoft-Windows-USB-USBXHCIMicrosoft-Windows-Diagnosis-PLAMicrosoft-Windows-WlanConnMicrosoft-Windows-WinlogonMicrosoft-Windows-stobjectMicrosoft-Windows-Mobile-Broadband-Experience-SmsRouterMicrosoft-Windows-D3D10Level9Microsoft-Windows-WAS-ListenerAdapterMicrosoft-Windows-ServerManager-MultiMachineMicrosoft-Windows-AppxPackagingOMMicrosoft-Windows-PushNotifications-PlatformMicrosoft-Windows-OOBE-Machine-Plugins-WirelessMicrosoft-Windows-IME-JPAPISBP2 Port Driver Tracing ProviderMicrosoft-Windows-BranchCacheEventProviderMicrosoft-Windows-Immersive-Shell-APIMicrosoft-Windows-ntshruiMicrosoft-Windows-KPSSVCMicrosoft-Windows-BitLocker-DrivePreparationToolMicrosoft-Windows-EapMethods-SimMicrosoft-Windows-Shell-ZipFolderMicrosoft-Windows-Search-CoreMicrosoft-Windows-OfflineFiles-CscNetApiMicrosoft-Windows-Diagnosis-WDIMicrosoft-Windows-PortableDeviceSyncProviderMicrosoft-Windows-Diagnostics-PerfTrack-CountersMicrosoft-Windows-Speech-TTSMicrosoft-Windows-Component-Resources-MrmCore-EventsMicrosoft-Windows-BranchCacheMicrosoft-Windows-SystemEventsBrokerMicrosoft-Windows-VolumeControlMicrosoft-Windows-Win32kMicrosoft-Windows-Kernel-WHEAMicrosoft-Windows-P2P-MeetingsMicrosoft-Windows-Diagnosis-WDCMicrosoft-Windows-Serial-ClassExtensionMicrosoft-Windows-KPSSVC-WPPMicrosoft-Windows-CertificateServices-DeploymentMicrosoft-Windows-PerfOSMicrosoft-Windows-ResetEngMicrosoft-Windows-Runtime-GraphicsMicrosoft-Windows-IPSEC-SRVMicrosoft-Windows-CorruptedFileRecovery-ServerWindows Mobile Bluetooth ConnectivityMicrosoft-Windows-DLNA-NamespaceMicrosoft-Windows-WLAN-MediaManagerCertificate Services Client TraceMicrosoft-Windows-BranchCacheSMBMicrosoft-Windows-PrintService-USBMonMicrosoft-Windows-OOBE-MachineMicrosoft-Windows-DXPMicrosoft-Windows-Immersive-ShellMicrosoft-Windows-OOBE-Machine-PluginsMicrosoft-Windows-Reliability-Analysis-EngineMicrosoft-Windows-Application-ExperienceMicrosoft-Windows-KdsSvcMicrosoft-Windows-MediaFoundation-PlatformMicrosoft-Windows-Security-Configuration-WizardMicrosoft-Windows-DisplayColorCalibrationWindows Mobile Device Center BaseMicrosoft-Windows-WPD-MTPClassDriverMicrosoft-Windows-DNS-ClientMicrosoft-Windows-MSDTC ClientMicrosoft-Windows-NDIS-PacketCaptureWindows Remote Management TraceMicrosoft-Windows-MSPaintMicrosoft-Windows-HomeGroup-ListenerServiceMicrosoft-Windows-Sensor-Service-TriggerMicrosoft-Windows-EapMethods-TtlsMicrosoft-Windows-Remotefs-SmbMicrosoft-Windows-SMBWitnessClientMicrosoft-Windows-USB-USBHUBMicrosoft-Windows-DirectWrite-FontCacheMicrosoft-Windows-WindowsBackupMicrosoft-Windows-NWiFiMicrosoft-Windows-WER-DiagMicrosoft-Windows-UACMicrosoft-Windows-LUAMicrosoft-Windows-AppIDMicrosoft-Windows-IIS-WMSVCMicrosoft-Windows-Shell-OpenWithMicrosoft-Windows-MediaFoundation-MFReadWriteMicrosoft-Windows-BrokerInfrastructureMicrosoft-Windows-Fault-Tolerant-HeapMicrosoft-Windows-Shell-DefaultProgramsMicrosoft-Windows-Dism-CliMicrosoft-Windows-SMBDirectMicrosoft-Windows-IME-SCTIPMicrosoft-Windows-EnergyEfficiencyWizardMicrosoft-Windows-ParentalControlsMicrosoft-Windows-Smartcard-ServerMicrosoft-Windows-FMSMicrosoft-Windows-Devices-LocationMicrosoft-Windows-LLTD-ResponderMicrosoft-Windows-MsLbfoSysEvtProvidersqlosMicrosoft-Windows-TerminalServices-RemoteConnectionManagerMicrosoft-Windows-SCPNPMicrosoft-Windows-WordpadWMI_Tracing_Client_OperationsMicrosoft-Windows-Security-Audit-Configuration-ClientMicrosoft-Windows-EFSADUWindows Notification Facility ProviderMicrosoft-Windows-DiagCplWindows NetworkItemFactory TraceMicrosoft-Windows-ApplicationExperience-CacheMicrosoft-Windows-ResourcePublicationMicrosoft-Windows-FailoverClustering-ClientMicrosoft-Windows-Runtime-Networking-BackgroundTransferMicrosoft-Windows-AppHostMicrosoft-Windows-NetAdapterCim-DiagMicrosoft-Windows-IIS-FTPMicrosoft-Windows-IphlpsvcMicrosoft-Windows-WinINetMicrosoft-Windows-TabletPC-InputPersonalizationMicrosoft-Windows-SpoolerFilterPipelineSVCMicrosoft-Windows-GlobalizationMicrosoft-Windows-Bits-ClientMicrosoft-Windows-WFPMicrosoft-Windows-ServicesMicrosoft-Windows-IdleTriggerProviderMicrosoft-Windows-DxgKrnlMicrosoft-Windows-HealthCenterMicrosoft-Windows-OtpCredentialProviderEvtMicrosoft-Windows-MemoryDiagnostics-ResultsMicrosoft-Windows-NcasvcMicrosoft-Windows-SystemSettingsMicrosoft-Windows-PDHMicrosoft-Windows-WMPNSSUIMicrosoft-Windows-BdeTriggerProviderMicrosoft-Windows-Diagnostics-PerfTrackMicrosoft-Windows-IIS-APPHOSTSVCMicrosoft-Windows-CoreWindowMicrosoft-Windows-HelpMicrosoft-Windows-WindowsUpdateClientMicrosoft-Windows-IIS-W3SVC-PerfCountersMicrosoft-Windows-WMIMicrosoft-Windows-TabletPC-Platform-Input-WispMicrosoft-Windows-ProcessExitMonitorMicrosoft-Windows-IME-JPSettingMicrosoft-Windows-Diagnosis-ScriptedMicrosoft-Windows-GroupPolicyTriggerProviderFile Kernel Trace; Operation Set 2Microsoft-Windows-IIS-ConfigurationMicrosoft-Windows-Diagnosis-TaskManagerMicrosoft-Windows-Diagnosis-DPSMicrosoft-Windows-UserPnpMicrosoft-Windows-Security-SPP-UX-GenuineCenter-LoggingMicrosoft-Windows-Schannel-EventsNetJoinMicrosoft-Windows-TabletPC-InputPanelMicrosoft-Windows-FileServices-ServerManager-EventProviderMicrosoft-Windows-MediaFoundation-PerformanceMicrosoft-Windows-EndpointTriggerProviderMicrosoft-Windows-IME-KRTIPMicrosoft-Windows-Mobile-Broadband-Experience-SmsApiMicrosoft-Windows-Hyper-V-NetvscMicrosoft-Windows-DirectSoundMicrosoft-Windows-TabletPC-Platform-Input-CoreMicrosoft-Windows-PushNotifications-InProcMicrosoft-Windows-Kernel-NetworkMicrosoft-Windows-DiskDiagnosticResolverMicrosoft-Windows-NdisImPlatformSysEvtProviderMicrosoft-Windows-MeetingSpaceMicrosoft-Windows-Base-Filtering-Engine-Resource-FlowsMicrosoft-Windows-RasServerMicrosoft-Windows-VHDMPMicrosoft-Windows-WindowsSystemAssessmentToolMicrosoft-Windows-DCLocatorMicrosoft-Windows-Diagnosis-MSDTMicrosoft-Windows-WLGPASQLSRV32.1Microsoft-Windows-CertificateServicesClient-CertEnrollMicrosoft-Windows-IME-TCCOREMicrosoft-Windows-SmartCard-Bluetooth-TransportMicrosoft-Windows-WMVENCODMicrosoft-Windows-mobsyncMicrosoft-Windows-EFSTriggerProviderMicrosoft-Windows-DUSERMicrosoft-Windows-DiskDiagnosticDataCollectorMicrosoft-Windows-DirectAccess-MediaManagerMicrosoft-Windows-DisplaySwitchMicrosoft-Windows-PackageStateRoamingMicrosoft-Windows-Crypto-DPAPIMicrosoft-Windows-IME-CustomerFeedbackManagerUIsqlserverMicrosoft-Windows-User-LoaderMicrosoft-Windows-NetworkProfileTriggerProviderMicrosoft-Windows-NetworkProfileWindows Firewall API - GPMicrosoft-Windows-CmiSetupMicrosoft-Windows-SysprepMicrosoft-Windows-WindeployMicrosoft-Windows-SetupMicrosoft-Windows-OobeLdrMicrosoft-Windows-SetupUGCMicrosoft-Windows-AuditMicrosoft-Windows-SetupClMicrosoft-Windows-WinsrvMicrosoft-Windows-WinHttpMicrosoft-Windows-RadioManagerMicrosoft-Windows-Websocket-Protocol-ComponentMicrosoft-Windows-WebIOMicrosoft-Windows-Dwm-CoreMicrosoft-Windows-Registry-SQM-ProviderMicrosoft-Windows-WHEA-LoggerMicrosoft-Windows-PeerToPeerDrtEventProviderMicrosoft-Windows-BitLocker-DriverMicrosoft-Windows-SettingSyncMicrosoft-Windows-Mobile-Broadband-Experience-Api-InternalMicrosoft-Windows-EnhancedStorage-EhStorTcgDrvMicrosoft-Windows-PowerShellMicrosoft-Windows-DirectShow-CoreMicrosoft-Windows-Kernel-PowerMicrosoft-Windows-msmpeg2vencMicrosoft-Windows-MPEG2_DLNA-EncoderMicrosoft-Windows-Remote-FileSystem-LogMicrosoft-Windows-Kernel-PnPMicrosoft-Windows-AppXDeployment-ServerMicrosoft-Windows-Folder RedirectionMicrosoft-Windows-OfflineFiles-CscUMMicrosoft-Windows-ServerManager-DeploymentProviderMicrosoft-Windows-ServiceReportingApiMicrosoft-Windows-StorDiagMicrosoft-Windows-IME-CustomerFeedbackManagerMicrosoft-Windows-Kernel-EventTracingMicrosoft-Windows-Kernel-BootDiagnosticsMicrosoft-Windows-DXGIMicrosoft-Windows-Build-RegDllMicrosoft-Windows-PNRPSvcMicrosoft-Windows-NduMicrosoft-Windows-FirewallMicrosoft-Windows-WcmsvcMicrosoft-Windows-OLEACCMicrosoft-Windows-MSDTC Client 2Microsoft-Windows-InputSwitchMicrosoft-Windows-Runtime-WebAPIMicrosoft-Windows-HALMicrosoft-Windows-International-RegionalOptionsControlPanelMicrosoft-Windows-RPCMicrosoft-Windows-MFH264EncMicrosoft-Windows-SharedAccess_NATMicrosoft-Windows-DeviceAssociationServiceMicrosoft-Windows-Bluetooth-MTPEnumMicrosoft-Windows-BitLocker-API{C5BFFE2E-9D87-D568-A09E-08FC83D0C7C2}Microsoft-Windows-IPMIProviderMicrosoft-Windows-IME-TIPMicrosoft-Windows-WindowsToGo-StartupOptionsMicrosoft-Windows-BackupMicrosoft-Windows-WMP-MediaDeliveryEngineMicrosoft-Windows-PrintBRMMicrosoft-Windows-ServerManager-ConfigureSMRemotingMicrosoft-Windows-Video-For-WindowsMicrosoft-Windows-ClearTypeTextTunerMicrosoft-Windows-Subsys-CsrMicrosoft-Windows-USB-UCXMicrosoft-Windows-RemoteApp and Desktop ConnectionsWindows Winlogon TraceMicrosoft-Windows-RasSstpMicrosoft-Windows-UAC-FileVirtualizationMicrosoft-Windows-ClassicSruMonMicrosoft-Windows-Security-IdentityListenerMicrosoft-Windows-WWAN-MM-EVENTSMicrosoft-Windows-MsiServerMicrosoft-Windows-PhotoAcqMicrosoft-Windows-Power-TroubleshooterMicrosoft-Windows-DxpTaskSyncProviderMicrosoft-Windows-Remotefs-RdbssMicrosoft-Windows-AppIDServiceTriggerMicrosoft-Windows-Kernel-FileMicrosoft-Windows-TSF-msctfMicrosoft-Windows-PowerCplMicrosoft-Windows-LanGPAMicrosoft-Windows-WWAN-MediaManagerMicrosoft-Windows-PrimaryNetworkIconMicrosoft-Windows-OfflineFilesMicrosoft-Windows-UIAnimationMicrosoft-Windows-Security-AuditingMicrosoft-Windows-WCN-Config-Registrar-Wizard-TraceMicrosoft-Windows-WWAN-NDISUIO-EVENTSMicrosoft-Windows-NetworkManagerTriggerProviderMicrosoft-Windows-Winsock-AFDMicrosoft-Windows-Remote-FileSystem-MonitorMicrosoft-Windows-WABSyncProvider.NET Common Language RuntimeMicrosoft-Windows-MSMPEG2VDECMicrosoft-Windows-DateTimeControlPanelWindows Firewall DriverMicrosoft-Windows-IIS-W3SVCMicrosoft-Windows-WWAN-UI-EVENTSMicrosoft-Windows-Speech-UserExperienceMicrosoft-Windows-Dism-ApiMicrosoft-Windows-Store-Client-UIMicrosoft-Windows-CalculatorMicrosoft-Windows-Shell-ConnectedAccountStateMicrosoft-Windows-PrintDialogsMicrosoft-Windows-Network-and-Sharing-CenterMicrosoft-Windows-Crypto-RNGMicrosoft-Windows-MSDTC 2Microsoft-Windows-SpellCheckerMicrosoft-Windows-propsysMicrosoft-Windows-WPD-MTPIPMicrosoft-Windows-DocumentsMicrosoft-Windows-StorPortMicrosoft-Windows-MagnificationMicrosoft-Windows-Shell-AuthUIMicrosoft-Windows-Dwm-RedirMicrosoft-Windows-BTH-BTHUSBMicrosoft-Windows-NtfsMicrosoft-Windows-SensMicrosoft-Windows-UserAccessLoggingMicrosoft-Windows-RemoteDesktopServices-RdpCoreTSMicrosoft-Windows-COM-PerfMicrosoft-Windows-StorageSpaces-BackgroundAgentMicrosoft-Windows-Kernel-PrefetchPortable Device Connectivity API TraceMicrosoft-Windows-RemoteAssistanceMicrosoft-Windows-MFMicrosoft-Windows-MediaFoundation-MSVProcMicrosoft-Windows-TBSMicrosoft-Windows-FeedbackToolMicrosoft-Windows-WlanPrefMicrosoft-Windows-OfflineFiles-CscDclUserMicrosoft-Windows-Http-SQM-ProviderMicrosoft-Windows-Wireless-Network-Setup-Wizard-TraceMicrosoft-Windows-MCTMicrosoft-Windows-HotStartMicrosoft-Windows-Diagnostics-NetworkingMicrosoft-Windows-SensorsMicrosoft-Windows-SmbServerMicrosoft-Windows-USB-USBHUB3Microsoft-Windows-Dot3MMMicrosoft-Windows-KernelStreamingMicrosoft-Windows-Mobile-Broadband-Experience-ApiMicrosoft-Windows-VolumeSnapshot-DriverMicrosoft-Windows-MobilityCenterMicrosoft-Windows-OfflineFiles-CscServiceMicrosoft-Windows-SuperfetchMicrosoft-Windows-IPBusEnumMicrosoft-Windows-MprddmMicrosoft-Windows-Dwm-UdwmMicrosoft-Windows-AppModel-StateMicrosoft-Windows-WCN-FD-Provider-TraceMicrosoft-Windows-Resource-Exhaustion-ResolverMicrosoft-Windows-Iphlpsvc-TraceMicrosoft-Windows-WUSAMicrosoft-Windows-TerminalServices-LocalSessionManagerMicrosoft-Windows-RPC-FirewallManagerMicrosoft-Windows-WCN-Common-TraceMicrosoft-Windows-MediaFoundation-MFCaptureEngineMicrosoft-Windows-ReadyBoostDriverMicrosoft-Windows-DUIMicrosoft-Windows-WMP-Setup_WMMicrosoft-Windows-Direct3D10Microsoft-Windows-DfsSvcMicrosoft-Windows-IME-SCCOREMicrosoft-Windows-NTLMMicrosoft-Windows-VWiFiMicrosoft-Windows-Kernel-PnPConfigMicrosoft-Windows-Winsock-SQMMicrosoft-Windows-SpoolerSpoolSVMicrosoft-Windows-NetshellMicrosoft-Windows-UserModePowerServiceMicrosoft-Windows-HttpServiceHTTP Service TraceMicrosoft-Windows-D3D9Microsoft-Windows-AppModel-RuntimeMicrosoft-Windows-CEIPMicrosoft-Windows-Directory-Services-SAMMicrosoft-Windows-SpoolerTCPMonMicrosoft-Windows-ReadyBoostMicrosoft-Windows-L2NACPMicrosoft-Windows-LLTD-MapperMicrosoft-Windows-DeduplicationMicrosoft-Windows-HomeGroup-ControlPanelMicrosoft-Windows-Mobile-Broadband-Experience-Parser-TaskMicrosoft-Windows-DomainJoinManagerTriggerProviderMicrosoft-Windows-SruMonMicrosoft-Windows-ELS-HyphenationTCPIP Service TraceMicrosoft-Windows-DriverFrameworks-KernelModeMicrosoft-Windows-CorruptedFileRecovery-ClientMicrosoft-Windows-WMI-ActivityMicrosoft-Windows-COMRuntimeMicrosoft-Windows-WASMicrosoft-Windows-WnvMicrosoft-Windows-ShsvcsMicrosoft-Windows-NDISMicrosoft-Windows-WinMDEFile Kernel Trace; Operation Set 1Microsoft-Windows-Proximity-CommonMicrosoft-Windows-Ntfs-UBPMMicrosoft-Windows-Kernel-RegistryMicrosoft-Windows-RemoteDesktopServices-RemoteDesktopSessionManagerMicrosoft-Windows-TunnelDriverMicrosoft-Windows-QoS-PacerMicrosoft-Windows-EventCollectorMicrosoft-Windows-OOBE-Machine-DUIMicrosoft-Windows-IME-TCTIPMicrosoft-Windows-WCNWizMicrosoft-Windows-DisplayMicrosoft-Windows-OcSetupMicrosoft-Windows-DesktopWindowManager-DiagMicrosoft-Windows-FileInfoMinifilterMicrosoft-Windows-TextPredictionEngineMicrosoft-Windows-NetworkGCWMicrosoft-Windows-DHCPv6-ClientMicrosoft-Windows-PlayToManagerNDIS_STATUS_TCP_CONNECTION_OFFLOAD_CURRENT_CONFIGNDIS_STATUS_PORT_STATEMS_Windows_AeLookupServiceTrigger_ProviderMicrosoft_Windows_SQM_ProviderMS_Windows_AIT_ProviderNDIS_TCP_CONNECTION_OFFLOAD_CURRENT_CONFIGNDIS_TCP_OFFLOAD_CURRENT_CONFIGPARPORT_WMI_ALLOCATE_FREE_COUNTS_GUIDNDIS_GEN_ENUMERATE_PORTSGUID_QOS_TC_SUPPORTEDMS1394_PortVendorRegisterAccessGuidiSCSI_PersistentLoginsGuidiSCSI_PortalInfoClassGuidSerailPortPerfGuidPortClsEventUdpIpGuidTcpIpGuidiSCSI_OperationsGuidCTLGUID_usbportNDIS_STATUS_TCP_CONNECTION_OFFLOAD_HARDWARE_CAPABILITIESiSCSI_DiscoveryOperationsGuidSerialPortNameGuidCTLGUID_WebClntTracePOINTER_PORT_WMI_STD_DATA_GUIDKEYBOARD_PORT_WMI_STD_DATA_GUIDMSKeyboard_ClassInformationGuidNDIS_GEN_CO_MEDIA_SUPPORTEDMS_Windows_AeSwitchBack_ProviderSerialPortHWGuidMS_SM_PortInformationMethodsataport_CtlGuidstorport_CtlGuidMS1394_PortDriverInformationGuidBTHPORT_WMI_HCI_PACKET_INFOSerialPortCommGuidiScsiLBOperationsGuidMS_Windows_AeCache_ProviderNDIS_GEN_PORT_STATEWindowsBackup TracingControlGuidWmiMonitorListedSupportedSourceModes_GUIDNDIS_GEN_MEDIA_SUPPORTEDCTLGUID_certpropBTHPORT_WMI_SDP_SERVER_LOG_INFOKEYBOARD_PORT_WMI_EXTENDED_IDiSCSIRedirectPortalGuidNDIS_GEN_PORT_AUTHENTICATION_PARAMETERSBTHPORT_WMI_SDP_DATABASE_EVENTNDIS_TCP_CONNECTION_OFFLOAD_HARDWARE_CAPABILITIESiSCSI_TCPIPConfigGuidSerialPortPropertiesGuidPortCls_IrpProcessingiSCSI_SecurityConfigOperationsGuidNDIS_TCP_OFFLOAD_PARAMETERSPortCls_PowerStateMicrosoft_Windows_GameUxiSCSI_InitiatorLoginStatisticsGuidMS1394_PortErrorInformationGuidPortCls_PinStateCTLGUID_PortClsNDIS_TCP_OFFLOAD_HARDWARE_CAPABILITIESCTRLGUID_MF_PIPELINE.PX`i``.HBS&{%UD(_dump_wmi_guidentries failed, error %d, status %Xdump_wmi_guidentries failed, error %ddump_wmi_guidentries: cannot alloc %X bytes (total %d)dump_wmi_guidentries: read failed, error %d, status %Xdump_wmi_guidentries: read failed, error %dWMI guidentries: total %X readed %X:[%X] %X flag %X refcnt %X - %s[%X] %X flag %X refcnt %X %8.8X-%4.4X-%4.4X-%2.2X%2.2X-%2.2X%2.2X%2.2X%2.2X%2.2X%2.2Xdump_wmi_regentries failed, error %d, status %Xdump_wmi_regentries failed, error %ddump_wmi_regentries: cannot alloc %X bytes (total %d)dump_wmi_regentries: read failed, error %d, status %Xdump_wmi_regentries: read failed, error %dWMI regentries: total %X readed %X:[%X] flags %X refcnt %X dev %p prov %X DS %p %s[%X] flags %X refcnt %X cb %p prov %X DS %p %sEtw[%d]:Type %X Index %X InternalCB %p (%s) %sType %X Index %X InternalCB %p %sType %X Index %X InternalCB %p (%s) ProviderId: %8.8X-%4.4X-%4.4X-%2.2X%2.2X-%2.2X%2.2X%2.2X%2.2X%2.2X%2.2XType %X Index %X InternalCB %p ProviderId: %8.8X-%4.4X-%4.4X-%2.2X%2.2X-%2.2X%2.2X%2.2X%2.2X%2.2X%2.2Xdump_Etw: exception occured, code %Xdump_Etws: exception occured, code %XKPRCB.EtwSupport %p:KPRCB[%d].EtwSupport %p:read_kernel_etws count failed, error %d, ntstatus %Xread_kernel_etws count failed, error %dread_kernel_etws: cannot alloc %X bytesread_kernel_etws failed, error %d, ntstatus %Xread_kernel_etws failed, error %dKEtw[%X]:KEtw[%X]: RefCount %d, KProvider - %8.8X-%4.4X-%4.4X-%2.2X%2.2X-%2.2X%2.2X%2.2X%2.2X%2.2X%2.2XKEtw[%X]: RefCount %d %s[%X] %p %sType %X InUse %d Index %X InternalCB %p (%s) %sType %X InUse %d Index %X InternalCB %p %sType %X InUse %d Index %X InternalCB %p (%s) ProviderId: %8.8X-%4.4X-%4.4X-%2.2X%2.2X-%2.2X%2.2X%2.2X%2.2X%2.2X%2.2XType %X InUse %d Index %X InternalCB %p ProviderId: %8.8X-%4.4X-%4.4X-%2.2X%2.2X-%2.2X%2.2X%2.2X%2.2X%2.2X%2.2XEtwCallback[%d] %p %s:EtwCallback[%d]:EtwTrace[%d] %p Ctx %p %s:EtwTrace[%d] %p Ctx %p %s - %8.8X-%4.4X-%4.4X-%2.2X%2.2X-%2.2X%2.2X%2.2X%2.2X%2.2X%2.2XUnknown type %d for Etw[%d]DEVINTERFACE_MT_TRANSPORTDEVINTERFACE_KEYBOARDDEVINTERFACE_COMPORTDEVINTERFACE_VIAMINIPORTDEVINTERFACE_STORAGEPORTDEVINTERFACE_IRPORTcheck_pnp_notifiers failed, error %d, status %Xcheck_pnp_notifiers failed, error %dcheck_pnp_notifiers: cannot alloc %X bytes (total %d)check_pnp_notifiers: read failed, error %d, status %Xcheck_pnp_notifiers: read failed, error %dPnp Notifiers: total %d, readed %dPnp[%d] %p %s %s addr %pPnp[%d] %s %s addr %p %scheck_pnp_handlers failed, error %d, status %Xcheck_pnp_handlers failed, error %dPlugPlayHandlerTable: %d itemsPlugPlayHandlerTable[%d] %p %sPlugPlayHandlerTable[%d] %pcheck_sess_notify, error %d, status %Xcheck_sess_notify, error %dcheck_sess_notify: cannot alloc %X bytes (total %d)check_sess_notify: read failed, error %d, status %Xcheck_sess_notify: read failed, error %dIopSessionNotifications: %dSessionNotifier[%d]: class %d len %X session %p cb %p %scheck_sess_term_ntfs failed, error %d, status %Xcheck_sess_term_ntfs failed, error %dcheck_sess_term_ntfs: cannot alloc %X bytes (total %d)check_sess_term_ntfs: read failed, error %d, status %Xcheck_sess_term_ntfs: read failed, error %dLogonSessionTerminatedRoutines: %d[%d] %p %scheck_fs_changes failed, error %d, status %Xcheck_fs_changes failed, error %dcheck_fs_changes: cannot alloc %X bytes (total %d)check_fs_changes: read failed, error %d, status %Xcheck_fs_changes: read failed, error %dFS Change notifiers: %d (actual %d)DriverObj %p addr %p %sCannot read count for %s, error %dCount of %s is too big - %XCannot read %s table, error %dCannot read entry %d from table of %s, error %dcheck_vista_cmp_list get count failed, error %d, status %Xcheck_vista_cmp_list get count failed, error %dcheck_vista_cmp_list failed, error %d, status %Xcheck_vista_cmp_list failed, error %dcheck_ai_cbs: cannot read ExpDisQueryAttributeInformation, error %d, ntstatus %Xcheck_ai_cbs: cannot read ExpDisQueryAttributeInformation, error %dExpDisQueryAttributeInformation %p %scheck_ai_cbs: cannot read ExpDisSetAttributeInformation, error %d, ntstatus %Xcheck_ai_cbs: cannot read ExpDisSetAttributeInformation, error %dExpDisSetAttributeInformation %p %scheck_dbgk_lkmd: cannot read DbgkLkmd_cblist, error %d, ntstatus %Xcheck_dbgk_lkmd: cannot read DbgkLkmd_cblist, error %dDbgkLkmd[%d] callback %p %scheck_fsrtl: cannot read FltMgrCallbacks, error %d, ntstatus %Xcheck_fsrtl: cannot read FltMgrCallbacks, error %dFltMgrCallbacks: %p %scheck_fsrtl: cannot read FsRtlpMupCalls, error %d, ntstatus %Xcheck_fsrtl: cannot read FsRtlpMupCalls, error %dFsRtlpMupCalls: %p %scheck_Iof: cannot read pIofCallDriver, error %d, ntstatus %Xcheck_Iof: cannot read pIofCallDriver, error %dpIofCallDriver %p patched by %scheck_Iof: cannot read pIofCompleteRequest, error %d, ntstatus %Xcheck_Iof: cannot read pIofCompleteRequest, error %dpIofCompleteRequest %p patched by %scheck_Iof: cannot read pIoAllocateIrp, error %d, ntstatus %Xcheck_Iof: cannot read pIoAllocateIrp, error %dpIoAllocateIrp %p patched by %scheck_Iof: cannot read pIoFreeIrp, error %d, ntstatus %Xcheck_Iof: cannot read pIoFreeIrp, error %dpIoFreeIrp %p patched by %scheck_Iof: cannot read HvlpHypercallCodeVa, error %d, ntstatus %Xcheck_Iof: cannot read HvlpHypercallCodeVa, error %dHvlpHypercallCodeVa %p patched by %s%SystemRoot%\System32\sxssrv.dll%SystemRoot%\System32\csrsrv.dll%SystemRoot%\System32\basesrv.dll%SystemRoot%\System32\winsrv.dll%SystemRoot%\System32\lsasrv.dll%SystemRoot%\System32\ntdll.dllKiDebugRoutine %p hooked by %sPspLegoNotifyRoutine %p hooked by %sKiTimeUpdateNotifyRoutine %p hooked by %sKiSwapContextNotifyRoutine %p hooked by %sKiThreadSelectNotifyRoutine %p hooked by %sSysenter patched, addr %p not in %s !!!Mailslot: %SNamedPipe: %SDEVCLASS_MULTIPORTSERIALDEVCLASS_PORTSDEVCLASS_KEYBOARDDEVCLASS_APMSUPPORTread_dev_chrs(%S) failed, ntstatus %XDrvObj %p name %S %sDrvObj %p nameLen %X %sdev_props failed, status %XClassGUID: %SClassGUID: %S - %sCannot open directory %S, error %XCannot realloc %d bytesCannot open device directory, error %XCannot open driver directory, error %XCannot open FileSystem directory, error %XUnknown HAL private dispatch table version %XHalAcpiTimerInit: %p %sHalAcpiTimerCarry: %p %sHalAcpiMachineStateInit: %p %sHalAcpiQueryFlags: %p %sHalAcpiPicStateIntact: %p %sHalRestoreInterruptControllerState: %p %sHalPciInterfaceReadConfig: %p %sHalPciInterfaceWriteConfig: %p %sHalSetVectorState: %p %sHalGetApicVersion: %p %sHalSetMaxLegacyPciBusNumber: %p %sHalIsVectorValid: %p %sHalAcpiGetTableDispatch: %p %sHalAcpiGetRsdpDispatch: %p %sHalAcpiGetFacsMappingDispatch: %p %sHalAcpiGetAllTablesDispatch: %p %sHalAcpiPmRegisterAvailable: %p %sHalAcpiPmRegisterRead: %p %sHalAcpiPmRegisterWrite: %p %sHalHandlerForBus: %p %sHalHandlerForConfigSpace: %p %sHalLocateHiberRanges: %p %sHalRegisterBusHandler: %p %sHalSetWakeEnable: %p %sHalSetWakeAlarm: %p %sHalPciTranslateBusAddress: %p %sHalPciAssignSlotResources: %p %sHalHaltSystem: %p %sHalFindBusAddressTranslation: %p %sHalResetDisplay: %p %sHalHandlerForBus: %p %sHalHandlerForConfigSpace: %p %sHalLocateHiberRanges: %p %sHalRegisterBusHandler: %p %sHalSetWakeEnable: %p %sHalSetWakeAlarm: %p %sHalPciTranslateBusAddress: %p %sHalPciAssignSlotResources: %p %sHalHaltSystem: %p %sHalFindBusAddressTranslation: %p %sHalResetDisplay: %p %sKdSetupPciDeviceForDebugging: %p %sKdReleasePciDeviceforDebugging: %p %sKdGetAcpiTablePhase0: %p %sKdCheckPowerButton: %p %sHalVectorToIDTEntry: %p %sKdMapPhysicalMemory64: %p %sKdUnmapVirtualAddress: %p %sHalMmMemoryUsage: %p %sHalAllocateMapRegisters: %p %sKdGetPciDataByOffset: %p %sKdSetPciDataByOffset: %p %sHalGetInterruptVector: %p %sHalGetVectorInput: %p %sHalLoadMicrocode: %p %sHalUnloadMicrocode: %p %sHalMcUpdatePostUpdate: %p %sHalAllocateMessageTarget: %p %sHalFreeMessageTarget: %p %sHalDpReplaceBegin: %p %sHalDpReplaceTarget: %p %sHalDpReplaceControl: %p %sHalDpReplaceEnd: %p %sHalPrepareForBugcheck: %p %sHalQueryWakeTime: %p %sHalReportIdleStateUsage: %p %sHalHandlerForBus: %p %sHalHandlerForConfigSpace: %p %sHalLocateHiberRanges: %p %sHalRegisterBusHandler: %p %sHalSetWakeEnable: %p %sHalSetWakeAlarm: %p %sHalPciTranslateBusAddress: %p %sHalPciAssignSlotResources: %p %sHalHaltSystem: %p %sHalFindBusAddressTranslation: %p %sHalResetDisplay: %p %sHalAllocateMapRegisters: %p %sKdSetupPciDeviceForDebugging: %p %sKdReleasePciDeviceforDebugging: %p %sKdGetAcpiTablePhase0: %p %sKdCheckPowerButton: %p %sHalVectorToIDTEntry: %p %sKdMapPhysicalMemory64: %p %sKdUnmapVirtualAddress: %p %sKdGetPciDataByOffset: %p %sKdSetPciDataByOffset: %p %sHalGetInterruptVector: %p %sHalGetVectorInput: %p %sHalLoadMicrocode: %p %sHalUnloadMicrocode: %p %sHalMcUpdatePostUpdate: %p %sHalAllocateMessageTarget: %p %sHalFreeMessageTarget: %p %sHalDpReplaceBegin: %p %sHalDpReplaceTarget: %p %sHalDpReplaceControl: %p %sHalDpReplaceEnd: %p %sHalPrepareForBugcheck: %p %sHalQueryWakeTime: %p %sHalReportIdleStateUsage: %p %sHalTscSynchronization: %p %sHalWheaInitProcessorGenericSection: %p %sHalStopLegacyUsbInterrupts: %p %sHalReadWheaPhysicalMemory: %p %sHalWriteWheaPhysicalMemory: %p %sHalDpMaskLevelTriggeredInterrupts: %p %sHalDpUnmaskLevelTriggeredInterrupts: %p %sHalDpGetInterruptReplayState: %p %sHalDpReplayInterrupts: %p %sHalQueryIoPortAccessSupported: %p %sHalHandlerForBus: %p %sHalHandlerForConfigSpace: %p %sHalLocateHiberRanges: %p %sHalRegisterBusHandler: %p %sHalSetWakeEnable: %p %sHalSetWakeAlarm: %p %sHalPciTranslateBusAddress: %p %sHalPciAssignSlotResources: %p %sHalHaltSystem: %p %sHalFindBusAddressTranslation: %p %sHalResetDisplay: %p %sHalAllocateMapRegisters: %p %sKdSetupPciDeviceForDebugging: %p %sKdReleasePciDeviceforDebugging: %p %sKdGetAcpiTablePhase0: %p %sKdCheckPowerButton: %p %sHalVectorToIDTEntry: %p %sKdMapPhysicalMemory64: %p %sKdUnmapVirtualAddress: %p %sKdGetPciDataByOffset: %p %sKdSetPciDataByOffset: %p %sHalGetInterruptVector: %p %sHalGetVectorInput: %p %sHalLoadMicrocode: %p %sHalUnloadMicrocode: %p %sHalMcUpdatePostUpdate: %p %sHalAllocateMessageTarget: %p %sHalFreeMessageTarget: %p %sHalDpReplaceBegin: %p %sHalDpReplaceTarget: %p %sHalDpReplaceControl: %p %sHalDpReplaceEnd: %p %sHalPrepareForBugcheck: %p %sHalQueryWakeTime: %p %sHalReportIdleStateUsage: %p %sHalTscSynchronization: %p %sHalWheaInitProcessorGenericSection: %p %sHalStopLegacyUsbInterrupts: %p %sHalReadWheaPhysicalMemory: %p %sHalWriteWheaPhysicalMemory: %p %sHalInterruptMaskLevelTriggeredLines: %p %sHalInterruptUnmaskLevelTriggeredLines: %p %sHalDpGetInterruptReplayState: %p %sHalDpReplayInterrupts: %p %sHalQueryIoPortAccessSupported: %p %sKdSetupIntegratedDeviceForDebugging: %p %sKdReleaseIntegratedDeviceForDebugging: %p %sHalEnlightenmentInitialize: %p %sHalAllocateEarlyPages: %p %sHalMapEarlyPages: %p %sHalTimerGetClockOwner: %p %sHalTimerGetClockConfiguration: %p %sHalTimerNotifyProcessorFreeze: %p %sHalTimerPrepareProcessorForIdle: %p %sHalDiagRegisterLogRoutine: %p %sHalTimerResumeProcessorFromIdle: %p %sHalTimerResetLastClockTick: %p %sHalVectorToIDTEntryEx: %p %sHalSecondaryInterruptQueryPrimaryInformation: %p %sHalMaskInterrupt: %p %sHalUnmaskInterrupt: %p %sHalIsInterruptTypeSecondary: %p %sHalAllocateGsivForSecondaryInterrupt: %p %sHalAddInterruptRemapping: %p %sHalRemoveInterruptRemapping: %p %sHalSaveAndDisableEnlightenment: %p %sHalRestoreHvEnlightenment: %p %sHalPciEarlyRestore: %p %sHalInterruptGetLocalIdentifier: %p %sHalAllocatePmcCounterSet: %p %sHalCollectPmcCounters: %p %sHalFreePmcCounterSet: %p %sHalTimerQueryCycleCounter: %p %sHalTimerGetNextTickDuration: %p %sHalPciMarkHiberPhase: %p %sHalInterruptQueryProcessorRestartEntryPoint: %p %sHalInterruptRequestSecondaryInterrupt: %p %sHalInterruptEnumerateUnmaskedInterrupts: %p %sHalBiosDisplayReset: %p %sHalGetDmaAdapter: %p %sHalCheckPowerButton: %p %sHalMapPhysicalMemoryWriteThrough64: %p %sHalUnmapVirtualAddress: %p %sHalKdReadPCIConfig: %p %sHalKdWritePCIConfig: %p %sHalTimerQueryWakeTime: %p %sHalTimerReportIdleStateUsage: %p %sHalKdEnumerateDebuggingDevices: %p %sHalFlushIoRectangleExternalCache: %p %sHalPowerEarlyRestore: %p %sHalQueryCapsuleCapabilities: %p %sHalUpdateCapsule: %p %sHalPciMultiStageResumeCapable: %p %scheck_hal_private_disp_table: cannot read table, error %d, ntstatus %Xcheck_hal_private_disp_table: cannot read table, error %dcheck_hal_disp_table: cannot read table, error %d, ntstatus %Xcheck_hal_disp_table: cannot read table, error %dHalQuerySystemInformation: %p %sHalSetSystemInformation: %p %sHalQueryBusSlots: %p %sHalExamineMBR: %p %sHalIoReadPartitionTable: %p %sHalIoSetPartitionInformation: %p %sHalIoWritePartitionTable: %p %sHalReferenceHandlerForBus %p %sHalReferenceBusHandler %p %sHalDereferenceBusHandler %p %sHalInitPnpDriver %p %sHalInitPowerManagement %p %sHalGetDmaAdapter %p %sHalGetInterruptTranslator %p %sHalStartMirroring %p %sHalEndMirroring %p %sHalMirrorPhysicalMemory %p %sHalEndOfBoot %p %sHalMirrorVerify %p %sHalGetCachedAcpiTable %p %sHalSetPciErrorHandlerCallback %p %sread_hal_apci_disp_table return %X bytes, error %d, ntstatus %Xread_hal_apci_disp_table return %X bytes, error %dBad HalAcpiDispatchTable version: %Xread_gdt_size failed, error %d, ntstatus %Xread_gdt_size failed, error %dCannot alloc %d bytes for GDT entriesread_gdt failed, error %d, ntstatus %Xread_gdt failed, error %dDescriptor[%d] %s S %d DPL %d type %X base %X limit %XWinChecker::dump_ldt failed, error %X, ntstatus %XWinChecker::dump_ldt failed, error %XWinChecker::dump_ldt: cannot alloc ldt array, size %XLdt[%d]:Base: XLimit: XAVL: %dD/B: %dDPL: %dG: %dP: %dS: %dType: %dCannot read code for kinterrupt(%X) thunk, error %dIDT patched: unknown type %X selector %X addr %p for int%XIDT patched: unknown selector %X for int%XIDT patched: int%X has unknown selector %X base %X limit %X addr %pIDT patched: int%X addr %p by module %sIDT int%X addr %p KINTERRUPT %pIDT patched: int%X addr %pInt%X: selector %X type TASK DPL %X base %X limit %XInt%X: selector %X type %X DPL %X addr %p base %X limit %XInt%X: selector %X type %X DPL %X addr %pread_idt_size failed, error %d, ntstatus %Xread_idt_size failed, error %dread_idt: cannot alloc %d bytes for IDT storageread_idt failed, error %d, ntstatus %Xread_idt failed, error %dCannot read kinterrupt (%X), error %dKInterrupt %X (%p):Size %X type %XServiceRoutine %p %sDispatchAddress %p %scheck_ob_types: cannot read size of ObTypes list, error %d, ntstatus %Xcheck_ob_types: cannot read size of ObTypes list, error %dcheck_ob_types: cannot read %d bytes (readed %d), error %d, ntstatus %Xcheck_ob_types: cannot read %d bytes (readed %d), error %dfill_ob_type: cannot read ObType %S (%X), error %dCannot read ObType %S (%X), error %dObType %S:DumpProcedure: %p %sOpenProcedure: %p %sCloseProcedure: %p %sDeleteProcedure: %p %sParseProcedure: %p %sSecurityProcedure: %p %sQueryNameProcedure: %p %sOkayToCloseProcedure: %p %sZwAlpcConnectPortExZwOpenKeyTransactedExZwOpenKeyExZwOpenKeyTransactedZwCreateKeyTransactedZwAlpcSendWaitReceivePortZwAlpcImpersonateClientOfPortZwAlpcDisconnectPortZwAlpcDeletePortSectionZwAlpcCreatePortSectionZwAlpcCreatePortZwAlpcConnectPortZwAlpcAcceptConnectPortZwUnloadKey2ZwQueryOpenSubKeysExZwLoadKeyExZwQueryPortInformationProcessZwWaitForKeyedEventZwReleaseKeyedEventZwOpenKeyedEventZwCreateKeyedEventZwUnloadKeyExZwSaveKeyExZwRenameKeyZwLockRegistryKeyZwLockProductActivationKeysZwCompressKeyZwCompactKeysZwYieldExecutionZwUnloadKeyZwSetValueKeyZwSetThreadExecutionStateZwSetInformationKeyZwSetDefaultHardErrorPortZwSecureConnectPortZwSaveMergedKeysZwSaveKeyZwRestoreKeyZwRequestWaitReplyPortZwRequestPortZwReplyWaitReplyPortZwReplyWaitReceivePortExZwReplyWaitReceivePortZwReplyPortZwReplaceKeyZwRegisterThreadTerminatePortZwQueryValueKeyZwQueryOpenSubKeysZwQueryMultipleValueKeyZwQueryKeyZwQueryInformationPortZwOpenKeyZwNotifyChangeMultipleKeysZwNotifyChangeKeyZwLoadKey2ZwLoadKeyZwListenPortZwImpersonateClientOfPortZwFlushKeyZwEnumerateValueKeyZwEnumerateKeyZwDeleteValueKeyZwDeleteKeyZwDelayExecutionZwCreateWaitablePortZwCreatePortZwCreateNamedPipeFileZwCreateKeyZwConnectPortZwCompleteConnectPortZwAcceptConnectPortFindKiServiceTable: relocation type %d found at XCannot read body of %s !Cannot extract index of %s, error %dkernel %s don`t contains KeServiceDescriptorTable function !Cannot find SDT in %sCannot read ntdll.dllCannot read body of %s!Cannot read body of ZwYieldExecution!Cannot extract index of ZwYieldExecution, error %dCannot extract index of ZwPlugPlayControl , error %d%s: %pSDT entry %X (%s) hooked %p %s!SDT entry %X hooked %p %s!Need unhook %d items in SSDTUNHOOK_ITEM: Index %X Offset %XUnhook SSDT failed, lasterror %dUnhooked %d SSDT itemsNtUserSetProcessRestrictionExemptionNtUserAcquireIAMKeyNtGdiDdDDICreateKeyedMutex2NtGdiDdDDIOpenKeyedMutex2NtGdiDdDDIAcquireKeyedMutex2NtGdiDdDDIReleaseKeyedMutex2NtUserSetTHQAPublicKeyNtGdiDdDDIReleaseKeyedMutexNtGdiDdDDIAcquireKeyedMutexNtGdiDdDDIDestroyKeyedMutexNtGdiDdDDIOpenKeyedMutexNtGdiDdDDICreateKeyedMutexNtUserEndTouchOperationNtUserSfmDxReportPendingBindingsToDwmNtGdiDDCCIGetTimingReportNtUserUnregisterSessionPortNtUserRegisterSessionPortNtUserRegisterErrorReportingDialogNtGdiSetOPMSigningKeyAndSequenceNumbersNtGdiGetCertificateSizeNtGdiGetCertificateNtUserWaitForMsgAndEventNtUserVkKeyScanExNtUserUnregisterHotKeyNtUserUnlockWindowStationNtUserUnloadKeyboardLayoutNtUserUnhookWindowsHookExNtUserSetWindowStationUserNtUserSetWindowsHookExNtUserSetWindowsHookAWNtUserSetProcessWindowStationNtUserSetKeyboardStateNtUserSetImeHotKeyNtUserSetConsoleReserveKeysNtUserRegisterHotKeyNtUserOpenWindowStationNtUserMapVirtualKeyExNtUserLockWindowStationNtUserLoadKeyboardLayoutExNtUserGetProcessWindowStationNtUserGetKeyStateNtUserGetKeyNameTextNtUserGetKeyboardStateNtUserGetKeyboardLayoutNameNtUserGetKeyboardLayoutListNtUserGetImeHotKeyNtUserGetCPDNtUserGetAsyncKeyStateNtUserCreateWindowStationNtUserCloseWindowStationNtUserCheckImeHotKeyNtUserCallMsgFilterNtUserAlterWindowStyleNtUserActivateKeyboardLayoutNtGdiScaleViewportExtExNtGdiDvpWaitForVideoPortSyncNtGdiDvpUpdateVideoPortNtGdiDvpGetVideoPortConnectInfoNtGdiDvpGetVideoPortOutputFormatsNtGdiDvpGetVideoPortLineNtGdiDvpGetVideoPortInputFormatsNtGdiDvpGetVideoPortFlipStatusNtGdiDvpGetVideoPortFieldNtGdiDvpGetVideoPortBandwidthNtGdiDvpFlipVideoPortNtGdiDvpDestroyVideoPortNtGdiDvpCreateVideoPortNtGdiDvpCanCreateVideoPortNtGdiDdSetColorKeyread_shadow_sdt failed, error %dcheck_win32k_sdt: cannot alloc %d bytesCannot read win32k_sdt at %p size %X, error %dwin32k_sdt[%d] (%s) hooked, addr %p %swin32k_sdt[%d] hooked, addr %p %sGetNamedPipeServerProcessIdread_kddb read %X bytes, error %dcannot read MmNonPagedPoolStart (%p), error %dcannot read MmNonPagedPoolEnd (%p), error %dcannot read MmPagedPoolStart (%p), error %dcannot read MmPagedPoolEnd (%p), error %dcannot read KernelVerifier (%p), error %dWindowsType: %SETHREAD.StartAddress %XKiProcessorBlock: %p (%X)KernelVerifier: %XKeBugCheckCallbackList: %p (%X)WorkerRoutine: %p %sIdleFunction: %p %sIdleFunction: %p %sKPRCB[%d].WorkerRoutine: %p %sKPRCB[%d].IdleFunction: %p %sKPRCB[%d].IdleFunction: %p %sread_kpcr return %X bytes, error %d, ntstatus %Xread_kpcr return %X bytes, error %dKPCR[%d] %p major %X minor %XKPCR[%d] %pget_os_info return %X bytes, error %d, ntstatus %Xget_os_info return %X bytes, error %dNtMajorVersion: %dNtMinorVersion: %dBuildNumber: %dGlobalFlag: %XProcessors: %dMmVerifierFlags %dMmSystemSize %d %sDebuggerEnabled %dDebuggerNotPresent %dSafeBootMode %dNXSupportPolicy %XCR0 %8.8X %sCR4 %8.8X %sCannot open mailslot %S, error %dget_mail_slot_owner(%S): returned %d bytes, error %d, ntstatus %Xget_mail_slot_owner(%S): returned %d bytes, error %dCannot open named pipe %S, error %dGetNamedPipeServerProcessId(%S) failed, error %dget_named_pipe_owner(%S): returned %d bytes, error %d, ntstatus %Xget_named_pipe_owner(%S): returned %d bytes, error %dread_lpc_port_chars: len %d, returned %d bytes, error %d, ntstatus %Xread_lpc_port_chars: len %d, returned %d bytes, error %dread_unicode_string: len %d, returned %d bytes, error %d, ntstatus %Xread_unicode_string: len %d, returned %d bytes, error %dread_drivers_list: cannot get size of drivers list, returned %d bytes, error %d, ntstatus %Xread_drivers_list: cannot get size of drivers list, returned %d bytes, error %dread_drivers_list: cannot alloc %X bytes for driver listread_drivers_list: cannot read drivers list, error %d, ntstatus %Xread_drivers_list: cannot read drivers list, error %d%p:%X flags %X LoadCount %d %sread_KiThreadSelectNotifyRoutine failed, error %dread_KiSwapContextNotifyRoutine failed, error %dread_KiTimeUpdateNotifyRoutine failed, error %dread_PspLegoNotifyRoutine failed, error %dread_KiDebugRoutine failed, error %dread_msrs failed, error %d, ntstatus %Xread_msrs failed, error %dIManageProcess: Cannot OpenProcess %dIManageProcess: Cannot open process %dread_win32_process for PID %X failed, error %d, status %Xread_win32_process for PID %X failed, error %dread_dword(%p, PID %d) failed, error %d, ntstatus %Xread_dword(%p, PID %d) failed, error %dread_ptr(%p, PID %d) failed, error %d, ntstatus %Xread_ptr(%p, PID %d) failed, error %drp_ReadProcessMemory(%p size %X) from %p error %dread_token for PID %X failed, error %d, status %Xread_token for PID %X failed, error %dopen_proc(%d, access %X) failed, error %d, ntstatus %Xopen_proc(%d, access %X) failed, error %drp_OpenProcess(%d, access %X) dwRet %d, error %drp_TerminateProcess(%p, %X) dwRet %d, error %dMajor %d Minor %d BuildNumber %d PlatformId %d ServicePackMajor %d ServicePackMinor %d SuiteMask %d ProductType %d CSDVersion %SProductType: %XCannot open RPC control, error %Xmsgsvcsend_ILocalObjectExporterIVsShellIWbemLoginClientIDICertProtect_IBTFTPApiEvents_s_PasswordRecoverywininet_UrlCache_IObjectExporterWMsgAPIsWMsgKAPIsINCryptKeyIsoHttpProxyMgrProviderIKeySvcRWcnTransportRpcIPortResolveIWbemLoginHelperLRpcSIDKeyISmartCardRootCertsIDebugPortSupplier2IAsyncOperationIPipelineElementOnlineProviderCertInterfaceIBackgroundCopyJobHttpOptionsHttpProxyMgrClientIStaticPortMappingCollectionIKeySvcs_WindowsShutdownIWebBrowser2IDebugPortSupplierLocale2IUPnPHttpHeaderControlWINHTTP_AUTOPROXY_SERVICEIErcLuaSupportIDebugPortSupplier3IKeySvc2BackupKeyIWerReportICertPassageIStaticPortMappingIDebugPortSupplierEx2IWbemLevel1LoginIWebBrowserAppmsgsvcIShellWindowsRpcBindingFromStringBinding(%S) failed: %dRpcMgmtInqIfIds(%S) failed: %dRpcStringBindingCompose failed: %dRpcBindingFromStringBinding failed: %dRpcMgmtInqIfIds failed: %d%8.8X-%4.4X-%4.4X-%2.2X%2.2X-%2.2X%2.2X%2.2X%2.2X%2.2X%2.2X version %d.%d : %s%8.8X-%4.4X-%4.4X-%2.2X%2.2X-%2.2X%2.2X%2.2X%2.2X%2.2X%2.2X version %d.%d : (%s)RpcMgmtEpEltInqBegin failed: %dCannot read npc table, readed %X bytesrpcrt4%s.AddressChangeFn: %p %srpcrt4_hack::check_myself: exception %d occuredrpcrt4_hack::try_hack: cannot find RpcServerRegisterIfExI_RpcInitNdrImportsload_driver(%S) returned %XLoaded kernel driver: %SError loading kernel driver: %ls - 0xxError loading kernel driver: %S - 0xxError loading kernel driver: %S - OpenSCManager 0xxtcpipClientImmProcessKeyfnHkOPTINLPEVENTMSGfnHkINLPMSGfnSENTDDEMSGfnDWORDOPTINLPMSGRealMsgWaitForMultipleObjectsExPEB.KernelCallbackTable patched, %puser32_hack::try_hack: bad PE passeduser32_hack::try_hack: cannot read import tablepfnWowMsgBoxIndirectCallbackUnknown apfnDispatch size: %d%s_hack::try_hack: bad PE passed%s_hack::try_hack: cannot read exports, error %d%s_hack::try_hack: cannot find section .data%s_hack::try_hack: cannot read section .data%s_hack::try_hack: cannot read section .rdata%s_hack::try_hack: cannot find section .text%s_hack::try_hack: cannot read section .textDxgkReleaseKeyedMutex2DxgkAcquireKeyedMutex2DxgkOpenKeyedMutex2DxgkCreateKeyedMutex2DxgkReleaseKeyedMutexDxgkAcquireKeyedMutexDxgkDestroyKeyedMutexDxgkOpenKeyedMutexDxgkCreateKeyedMutexCannot read gDxgkInterface, readed %X bytesWindowHasShadowDisableProcessWindowsGhostingzzzUnhookWindowsHookxxxUpdateWindowsxxxArrangeIconicWindowsSetWindowStateClearWindowStateSetMsgBoxGetKeyboardTypeGetKeyboardLayoutRemotePassthruDisablexxxRemotePassthruEnableCannot read gpsi, readed %X bytesCannot read gpsi handlers, readed %X bytesCannot read apfnSimpleCall, readed %X bytesCannot read gapfnMessageCall, readed %X bytesCannot read gapfnScSendMessage, readed %X bytesCannot read gaNewProcAddresses, readed %X bytesCannot open logfile %SCannot create stop event, error %dDriver %S loaded from %SSrvGetConsoleKeyboardLayoutNameSrvSetConsoleKeyShortcutsSrvGetConsoleAliasExesSrvGetConsoleAliasExesLengthSrvVDMConsoleOperationSrvGetLargestConsoleWindowSizeSrvExitWindowsExwinsrv.dllUnknown size of ConsoleServerApiDispatchTable: %dUnknown size of UserServerApiDispatchTable: %dCallUserpExitWindowsExGetConsoleAliasExesInternalGetConsoleAliasExesLengthInternalSetConsoleKeyShortcutsGetConsoleKeyboardLayoutNameWorkerSetConsoleOutputCPInternalGetConsoleOutputCPGetLargestConsoleWindowSizereg_ccs_services::read failed - error %dCannot open key %S, error %dSafeSecondaryLog(%d) failed, error %dSafeSecondaryLog failed, error %dSafeSendLog(%d) failed, error %dSafeSendLog failed, error %dBad memory %p len %X in dump_hex_bufferCannot alloc %d bytes for delayed importsCannot alloc %d bytes for importsread_import_safe(%s) failed %XCannot realloc %d bytes for iatread_delayed_safe(%s) failed %Xstore2md_cache: cannot alloc %d bytesstore2md_cache: cannot realloc, alloced %d byteswdigest.dlltspkg.dllschannel.dllpku2u.dllnegoexts.dllmsv1_0.dlllivessp.dllkerberos.dllumpnpmgr.dllcombase.dllntdsa.dllntdll.dllcryptbase.dllncrypt.dllrpcrt4.dllimm32.dlluser32.dllkernelbase.dllkernel32.dlladvapi32.dllole32.dllCannot alloc %X bytes for relocsSOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequiredWS2_32.dllRPCRT4.dllGetProcessHeapGetWindowsDirectoryAKERNEL32.dllRegCloseKeyRegOpenKeyExWRegOpenKeyExARegCreateKeyExWADVAPI32.dllGetWindowsDirectoryWGetCPInfoRegQueryInfoKeyWRegEnumKeyWzcÃ.?AVMyWindowsChecker@@.?AV?$rpcrt4_hack@U_IMAGE_NT_HEADERS@@@@.?AVtcpip_hack@@.?AV?$import_holder@U_IMAGE_NT_HEADERS@@@CMN@@.?AVinmem_import_holder@CMN@@.?AVimport_holder_intf@CMN@@.?AVmodule_import@CMN@@aR.RnX.UJ^Aw%xyWf.Gkf%0X0m0>$?(?,?0?3&4;456?90:77g77>7[7`7|76#8*878^8~811_10#101#2020 11h1J36%7S77*717>7[8=!>&>9>>>7&7@7l7Â8N8V8z8:);4;>;\;0%0X0= >$>(>,>0>?,?4?\?|?.----/01/01/01KERNEL32.DLLmscoree.dllU%SystemRoot%\system32\svchost.exe%SystemRoot%\system32\svchostWSOCKTRANSPORTTCPIP6TCPIPSTORPORTSTORMINIPORTSOFTPCISCSIPORTSCSIMINIPORTSBP2PORTFCPORTPassiveWatchdogTimeoutsImageExecutionOptionsErrorPortStartTimeoutErrorPortCommTimeoutDisablePagingExecutiveDebuggerMaxModuleMsgsCountOperationsB\\.\Psapi.dllsWindows PowerShelltHost Process for Windows TasksWindows Problem Reporting 32 bitWindows Problem ReportingWindows Modules InstallermWindows Start-Up ApplicationtWindows Search IndexersWindows Server Initial Configuration TasksWindows Media PlayerDump Reporting ToolError ReporterrWindows Control Panel 32 bitWindows Control PanelWindows Connect Now - Config Registrar ServiceWindows Media Player Network Sharing ServiceWindows firewallWindows Error Reporting ServicetWindows DefendervError reporting serviceeWindows update serviceWindows Image AcquisitionWebClienttWindows Security Center Notification AppyWindows Based Script HostWindows installer 32 bitWindows installerWindows 16-bit Virtual MachineWindows Management InstrumentationWindows User Mode Driver ManagerMS tftpMS ftp 32 bitMS ftpMicrosoft Help and Support CenterCmd.exe 32 bitCmd.exeWindows Logon User Interface HostWindows updatetGoogle ChromerOpera Internet BrowserMozilla Thunderbird Mail and News ClientdFirefox browserServices.exe%SystemRoot%\msagent\agentsvr.exe%SystemRoot%\System32\dfrgfat.exe%SystemRoot%\System32\dfrgntfs.exe%SystemRoot%\System32\services.exe%SystemRoot%\System32\svchost.exe%SystemRoot%\System32\alg.exe%SystemRoot%\System32\spoolsv.exe%SystemRoot%\System32\net.exe%SystemRoot%\System32\net1.exe%SystemRoot%\System32\cmd.exe%SystemRoot%\System32\notepad.exe%SystemRoot%\System32\calc.exe%SystemRoot%\System32\PTF.exe%SystemRoot%\System32\tPTF.exe%SystemRoot%\System32\telnet.exe%SystemRoot%\System32\taskkill.exe%SystemRoot%\System32\ctfmon.exe%SystemRoot%\System32\wdfmgr.exe%SystemRoot%\System32\mmc.exe%SystemRoot%\System32\userinit.exe%SystemRoot%\System32\wbem\wmiprvse.exe%SystemRoot%\System32\wbem\wmiadap.exe%SystemRoot%\explorer.exe%SystemRoot%\System32\lsass.exe%SystemRoot%\System32\winlogon.exe%SystemRoot%\System32\LogonUI.exe%SystemRoot%\System32\wuauclt.exe%SystemRoot%\System32\wuauclt1.exe%SystemRoot%\System32\CCM\CcmExec.exe%SystemRoot%\System32\csrss.exe%SystemRoot%\System32\smss.exe\SystemRoot\System32\smss.exe%SystemRoot%\System32\inetsrv\w3wp.exe%SystemRoot%\System32\schtasks.exe%SystemRoot%\System32\tstheme.exe%SystemRoot%\System32\control.exe%SystemRoot%\System32\taskmgr.exe%SystemRoot%\System32\dwwin.exe%SystemRoot%\System32\drwtsn32.exe%SystemRoot%\System32\dumprep.exe%SystemRoot%\System32\dfssvc.exe%SystemRoot%\System32\dllhost.exe%SystemRoot%\System32\ntvdm.exe%SystemRoot%\System32\rundll32.exe%SystemRoot%\System32\msiexec.exe%SystemRoot%\System32\mshta.exe%SystemRoot%\System32\regsvr32.exe%SystemRoot%\System32\cscript.exe%SystemRoot%\System32\wscript.exe%SystemRoot%\System32\wscntfy.exe%SystemRoot%\System32\mstsc.exe%SystemRoot%\System32\dashost.exefar.exeFar.exeCLSID\{FC7D9E02-3F9E-11d3-93C0-00C04F72DAF7}\InprocServer32CLSID\{73FDDC80-AEA9-101A-98A7-00AA00374959}\LocalServer32CLSID\{0002DF01-0000-0000-C000-000000000046}\LocalServer32iedw.exe%SystemRoot%\System32\oobechk.exe%SystemRoot%\System32\oobe.exe%SystemRoot%\System32\psxss.exe%SystemRoot%\System32\internat.exeAcroRd32.exeexcel.exeoutlook.exewinword.exepowerpnt.exewmplayer.exefirefox.exethunderbird.exeOpera.exeWinRAR.exe%SystemRoot%\System32\wininit.exe%SystemRoot%\System32\lsm.exe%SystemRoot%\System32\dwm.exe%SystemRoot%\System32\werfault.exe%SystemRoot%\System32\taskeng.exe%SystemRoot%\System32\conime.exe%SystemRoot%\System32\wudfhost.exe%SystemRoot%\System32\taskhost.exe%SystemRoot%\System32\conhost.exe%SystemRoot%\System32\rdpclip.exe%SystemRoot%\System32\SearchFilterHost.exe%SystemRoot%\System32\SearchProtocolHost.execsrss.exesvchost.exealg.exesPptpMiniportTcpippsapi.dll127.0.0.1\\.\pipe\\\.\mailslot\SOFTWARE\Microsoft\Windows NT\CurrentVersion\\.\Pipe\\\.\Mailslot\ncacn_ip_tcp:ncadg_ip_udp:\\pipe\\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShellRemediationExeSOFTWARE\Classes\SCCM.VAppLauncher\shell\Open\commandSOFTWARE\Classes\CLSID\{00AAB372-0D6D-4976-B5F5-9BC7605E30BB}\LocalServer32SOFTWARE\Classes\CLSID\{3C296D07-90AE-4FAC-86F9-65EAA8B82D22}\LocalServer32SOFTWARE\Classes\CLSID\{D63B10C5-BB46-4990-A94F-E40B9D520160}\LocalServer32SOFTWARE\Classes\CLSID\{03e64e17-b220-4052-9b9b-155f9cb8e016}\LocalServer32SOFTWARE\Classes\CLSID\{1F69F884-285E-418E-9715-B9EEE402DD5F}\LocalServer32Software\Microsoft\Windows\CurrentVersion\WINEVT\publishersWindows checker1.0.0.3432wincheck.exe0, 0, 8, 16NesIMIQs.exe_228_rwx_05740000_00001000:.text`.rdata@.dataNesIMIQs.exe_228_rwx_05750000_00001000:.text`.rdata@.dataNesIMIQs.exe_228_rwx_06010000_00001000:notepad.exe "%Documents and Settings%\%current user%\myfile"NesIMIQs.exe_228_rwx_06020000_00001000:%Documents and Settings%\%current user%\myfilereIEcoQI.exe_232_rwx_00401000_00069000:3E.Pcq:P!V^#%Xkq..JF{U%Sa@('%D^q-*?|Q%fSE?.rn~M*.Dhe4E.IdJWH%k%cn>x_?%uRc!%3.UGiO0]w.LQI 4keyyL%C['7.BLP;.StH>.Qlx #62software\microsoft\windows\currentversion\runP.yrBX.PB]%C%FoS(F<.cs>reIEcoQI.exe_232_rwx_00680000_00068000:3E.Pcq:P!V^#%Xkq..JF{U%Sa@('%D^q-*?|Q%fSE?.rn~M*.Dhe4E.IdJWH%k%cn>x_?%uRc!%3.UGiO0]w.LQI 4keyyL%C['7.BLP;.StH>.Qlx #6$g.GdP.yrBX.PB]%C%FoS(F<.cs>reIEcoQI.exe_232_rwx_00700000_00001000:%WinDir%\TEMPreIEcoQI.exe_232_rwx_00940000_00001000:%Documents and Settings%\LocalService\dUskcAww\fGAwoYMMreIEcoQI.exe_232_rwx_00950000_00001000:%Documents and Settings%\All Users\hcYYccwo\NesIMIQsreIEcoQI.exe_232_rwx_00960000_00001000:%Documents and Settings%\LocalService\dUskcAww\fGAwoYMM.infreIEcoQI.exe_232_rwx_00970000_00001000:%Documents and Settings%\All Users\hcYYccwo\NesIMIQs.infreIEcoQI.exe_232_rwx_00980000_00001000:%Documents and Settings%\LocalService\dUskcAww\fGAwoYMM.exereIEcoQI.exe_232_rwx_00990000_00001000:%Documents and Settings%\All Users\hcYYccwo\NesIMIQs.exereIEcoQI.exe_232_rwx_009C0000_00001000:fGAwoYMM.exereIEcoQI.exe_232_rwx_009D0000_00001000:NesIMIQs.exereIEcoQI.exe_232_rwx_009E0000_00001000:taskkill /FI "USERNAME eq SYSTEM" /F /IM fGAwoYMM.exereIEcoQI.exe_232_rwx_009F0000_00001000:taskkill /FI "USERNAME eq SYSTEM" /F /IM NesIMIQs.exe