Gen:Variant.Kazy.530639 (BitDefender), Trojan.Win32.Generic!BT (VIPRE), Win32.VirLock.6 (DrWeb), Gen:Variant.Kazy.530639 (B) (Emsisoft), Generic Obfuscated.g (McAfee), Gen:Variant.Kazy.530639 (FSecure), Gen:Variant.Kazy.530639 (AdAware), ZeroAccess.YR (Lavasoft MAS)Behaviour: Trojan
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: d2a676784026c3ad5030b692fe5cca1d
SHA1: 4af995acc26d3a3446754d6e2c710d44ea991e88
SHA256: 40c5082e8afee396f0bb2688b0a7b2c73da19de99b299d991d7f206916bc6e7c
SSDeep: 24576:eJ96P02xZun tedCiB0i70TlhCcGd alw:eJE087imi7AlwcGskw
Size: 924672 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2015-01-06 02:36:08
Analyzed on: WindowsXP SP3 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Trojan creates the following process(es):
cscript.exe:2712
cscript.exe:2964
cscript.exe:3576
cscript.exe:212
cscript.exe:3712
cscript.exe:2844
cscript.exe:1308
cscript.exe:2096
cscript.exe:2092
cscript.exe:3652
cscript.exe:2524
cscript.exe:3172
cscript.exe:3856
cscript.exe:2404
cscript.exe:3852
cscript.exe:2400
cscript.exe:1676
cscript.exe:2464
cscript.exe:1316
cscript.exe:3884
cscript.exe:1920
cscript.exe:3936
cscript.exe:1796
cscript.exe:3332
cscript.exe:1496
cscript.exe:264
cscript.exe:3408
cscript.exe:3756
cscript.exe:3248
cscript.exe:2556
cscript.exe:2492
cscript.exe:3032
cscript.exe:3244
cscript.exe:2416
cscript.exe:2060
cscript.exe:2256
cscript.exe:2148
cscript.exe:3772
cscript.exe:3776
cscript.exe:1324
cscript.exe:3628
cscript.exe:2908
cscript.exe:3828
cscript.exe:332
cscript.exe:3272
cscript.exe:2824
cscript.exe:3676
cscript.exe:4044
cscript.exe:1712
cscript.exe:2780
cscript.exe:2544
cscript.exe:2300
cscript.exe:2980
cscript.exe:2304
cscript.exe:2268
cscript.exe:2388
cscript.exe:364
cscript.exe:2076
cscript.exe:2288
cscript.exe:3664
cscript.exe:2444
cscript.exe:3952
cscript.exe:2932
cscript.exe:3956
cscript.exe:3152
cscript.exe:3456
cscript.exe:3312
cscript.exe:2832
cscript.exe:3316
cscript.exe:2452
cscript.exe:4056
cscript.exe:2044
cscript.exe:3464
cscript.exe:3212
cscript.exe:3396
cscript.exe:3012
cscript.exe:3504
cscript.exe:1240
cscript.exe:2168
cscript.exe:3512
cscript.exe:432
cscript.exe:2616
cscript.exe:3612
cscript.exe:2612
cscript.exe:624
cscript.exe:3804
cscript.exe:2296
cscript.exe:1228
cscript.exe:3004
cscript.exe:2808
cscript.exe:3268
cscript.exe:252
cscript.exe:4084
cscript.exe:172
cscript.exe:1632
cscript.exe:2204
cscript.exe:1980
cscript.exe:2056
cscript.exe:2560
cscript.exe:2564
cscript.exe:3088
cscript.exe:2368
cscript.exe:2112
cscript.exe:3080
cscript.exe:2360
cscript.exe:2428
cscript.exe:3860
cscript.exe:2152
cscript.exe:636
cscript.exe:564
cscript.exe:2180
cscript.exe:2184
cscript.exe:3724
cscript.exe:3284
cscript.exe:160
cscript.exe:3280
cscript.exe:2212
cscript.exe:3448
cscript.exe:3376
cscript.exe:3964
cscript.exe:2752
cscript.exe:2352
cscript.exe:2100
cscript.exe:2692
cscript.exe:3968
cscript.exe:2104
cscript.exe:2864
cscript.exe:2732
cscript.exe:2868
cscript.exe:2572
cscript.exe:2636
cscript.exe:3632
cscript.exe:1288
cscript.exe:3148
cscript.exe:2816
cscript.exe:2948
cscript.exe:2940
cscript.exe:2136
cscript.exe:3108
cscript.exe:876
cscript.exe:2224
cscript.exe:2740
cscript.exe:1752
cscript.exe:644
cscript.exe:4092
cscript.exe:2872
cscript.exe:2724
cscript.exe:3912
cscript.exe:3708
cscript.exe:3544
cscript.exe:2332
cscript.exe:3540
cscript.exe:1280
cscript.exe:2232
cscript.exe:3220
cscript.exe:3104
cscript.exe:2000
cscript.exe:476
cscript.exe:2532
%original file name%.exe:2964
%original file name%.exe:3712
%original file name%.exe:2652
%original file name%.exe:2844
%original file name%.exe:1260
%original file name%.exe:2280
%original file name%.exe:2968
%original file name%.exe:2840
%original file name%.exe:3320
%original file name%.exe:4024
%original file name%.exe:2096
%original file name%.exe:4020
%original file name%.exe:2092
%original file name%.exe:3656
%original file name%.exe:3044
%original file name%.exe:3652
%original file name%.exe:3556
%original file name%.exe:1948
%original file name%.exe:2320
%original file name%.exe:2592
%original file name%.exe:1940
%original file name%.exe:2480
%original file name%.exe:2400
%original file name%.exe:3804
%original file name%.exe:2244
%original file name%.exe:2240
%original file name%.exe:816
%original file name%.exe:3836
%original file name%.exe:336
%original file name%.exe:3764
%original file name%.exe:3768
%original file name%.exe:3492
%original file name%.exe:2656
%original file name%.exe:1956
%original file name%.exe:4036
%original file name%.exe:3408
%original file name%.exe:3672
%original file name%.exe:2452
%original file name%.exe:3640
%original file name%.exe:2552
%original file name%.exe:1060
%original file name%.exe:2992
%original file name%.exe:3240
%original file name%.exe:2396
%original file name%.exe:2412
%original file name%.exe:532
%original file name%.exe:296
%original file name%.exe:3848
%original file name%.exe:1380
%original file name%.exe:2252
%original file name%.exe:1908
%original file name%.exe:196
%original file name%.exe:3944
%original file name%.exe:1924
%original file name%.exe:3148
%original file name%.exe:2068
%original file name%.exe:3384
%original file name%.exe:628
%original file name%.exe:2300
%original file name%.exe:4048
%original file name%.exe:2380
%original file name%.exe:1652
%original file name%.exe:2072
%original file name%.exe:2668
%original file name%.exe:308
%original file name%.exe:2440
%original file name%.exe:2768
%original file name%.exe:3816
%original file name%.exe:2936
%original file name%.exe:1336
%original file name%.exe:2284
%original file name%.exe:1632
%original file name%.exe:2884
%original file name%.exe:3264
%original file name%.exe:2256
%original file name%.exe:3552
%original file name%.exe:4056
%original file name%.exe:3464
%original file name%.exe:1636
%original file name%.exe:3460
%original file name%.exe:3500
%original file name%.exe:2572
%original file name%.exe:1648
%original file name%.exe:1240
%original file name%.exe:2676
%original file name%.exe:436
%original file name%.exe:3220
%original file name%.exe:2372
%original file name%.exe:2616
%original file name%.exe:3596
%original file name%.exe:3616
%original file name%.exe:3232
%original file name%.exe:2920
%original file name%.exe:2456
%original file name%.exe:2924
%original file name%.exe:456
%original file name%.exe:332
%original file name%.exe:3604
%original file name%.exe:3124
%original file name%.exe:2196
%original file name%.exe:3008
%original file name%.exe:1900
%original file name%.exe:2472
%original file name%.exe:2200
%original file name%.exe:2568
%original file name%.exe:3216
%original file name%.exe:2052
%original file name%.exe:4064
%original file name%.exe:2056
%original file name%.exe:3512
%original file name%.exe:3692
%original file name%.exe:1584
%original file name%.exe:656
%original file name%.exe:652
%original file name%.exe:2368
%original file name%.exe:2684
%original file name%.exe:3084
%original file name%.exe:2112
%original file name%.exe:2364
%original file name%.exe:3896
%original file name%.exe:3080
%original file name%.exe:2116
%original file name%.exe:1212
%original file name%.exe:2584
%original file name%.exe:2580
%original file name%.exe:2628
%original file name%.exe:3608
%original file name%.exe:3072
%original file name%.exe:2180
%original file name%.exe:3728
%original file name%.exe:3112
%original file name%.exe:3528
%original file name%.exe:3884
%original file name%.exe:2896
%original file name%.exe:2892
%original file name%.exe:3212
%original file name%.exe:2516
%original file name%.exe:2080
%original file name%.exe:4080
%original file name%.exe:2736
%original file name%.exe:3864
%original file name%.exe:1928
%original file name%.exe:2948
%original file name%.exe:232
%original file name%.exe:2136
%original file name%.exe:3348
%original file name%.exe:2132
%original file name%.exe:3100
%original file name%.exe:1612
%original file name%.exe:3184
%original file name%.exe:320
%original file name%.exe:2508
%original file name%.exe:2748
%original file name%.exe:3872
%original file name%.exe:2500
%original file name%.exe:3916
%original file name%.exe:204
%original file name%.exe:2640
%original file name%.exe:3476
%original file name%.exe:3052
%original file name%.exe:3704
%original file name%.exe:3780
%original file name%.exe:1804
%original file name%.exe:3788
%original file name%.exe:3524
%original file name%.exe:3424
%original file name%.exe:472
%original file name%.exe:3196
%original file name%.exe:808
The Trojan injects its code into the following process(es):
fGAwoYMM.exe:772
reIEcoQI.exe:1216
NesIMIQs.exe:1208
Mutexes
The following mutexes were created/opened:
IqgoYgMElgIIIEQU
File activity
The process %original file name%.exe:2964 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ucMsUAgo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qukEcMok.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\qukEcMok.bat (0 bytes)
The process %original file name%.exe:3712 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\BMksEAcY.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nwIkMcYg.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\BMksEAcY.bat (0 bytes)
The process %original file name%.exe:2652 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\HGAUksMo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\cKQIUIUE.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\HGAUksMo.bat (0 bytes)
The process %original file name%.exe:2844 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\IkEUEMQM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rioUMEoU.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (3508 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\oIMwwgwM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZKkMQwUY.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\oIMwwgwM.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZKkMQwUY.bat (0 bytes)
The process %original file name%.exe:1260 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\IaoUEMgY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ogEMksUU.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\IaoUEMgY.bat (0 bytes)
The process %original file name%.exe:2280 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\aEUosYEQ.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PQIEggEY.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\aEUosYEQ.bat (0 bytes)
The process %original file name%.exe:2968 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\SEEIYwgk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dSEAIgYc.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\dSEAIgYc.bat (0 bytes)
The process %original file name%.exe:2840 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\vQYoMwoY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UYYYIYEA.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\UYYYIYEA.bat (0 bytes)
The process %original file name%.exe:3320 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\EYgAYcMY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kKIkAkQM.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\EYgAYcMY.bat (0 bytes)
The process %original file name%.exe:4024 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\mUEEYEoE.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LCAgQYYs.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\mUEEYEoE.bat (0 bytes)
The process %original file name%.exe:2096 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\mQwYAQYs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\doQksAII.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (3508 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FOsAsYok.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\mQwYAQYs.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FOsAsYok.bat (0 bytes)
The process %original file name%.exe:4020 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\zAscUIMM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RYcsAAsQ.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\zAscUIMM.bat (0 bytes)
The process %original file name%.exe:2092 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nIcEYcMU.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DQwYIcQM.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\DQwYIcQM.bat (0 bytes)
The process %original file name%.exe:3656 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\yOkskYAA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GqEYwAQE.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\yOkskYAA.bat (0 bytes)
The process %original file name%.exe:3044 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\TUsgEowQ.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\EaYkQIEM.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\TUsgEowQ.bat (0 bytes)
The process %original file name%.exe:3652 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\YOAssYUs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\oEMgMAgg.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\YOAssYUs.bat (0 bytes)
The process %original file name%.exe:3556 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\mYAoscMA.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\NqwAYMAw.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\mYAoscMA.bat (0 bytes)
The process %original file name%.exe:1948 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\JYoEsQYQ.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rOsQEEYw.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\JYoEsQYQ.bat (0 bytes)
The process %original file name%.exe:2320 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\LCAgIIEc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\YcUcMUYY.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\LCAgIIEc.bat (0 bytes)
The process %original file name%.exe:2592 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\naMQoUwA.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\vMokUgcw.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\vMokUgcw.bat (0 bytes)
The process %original file name%.exe:1940 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\tscEYQoQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\sSgsAcos.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\tscEYQoQ.bat (0 bytes)
The process %original file name%.exe:2480 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\dOAcAgQM.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZuoAIYMI.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ZuoAIYMI.bat (0 bytes)
The process %original file name%.exe:2400 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\GGAogAwU.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mGAYAooA.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\mGAYAooA.bat (0 bytes)
The process %original file name%.exe:3804 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\acAYkUAU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\sgQkkEYE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UwcocYAM.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (3508 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PsQQgEks.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\acAYkUAU.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PsQQgEks.bat (0 bytes)
The process %original file name%.exe:2244 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ACIEgcQA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KqAgYUYY.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\KqAgYUYY.bat (0 bytes)
The process %original file name%.exe:2240 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\yyIAsYYA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HmAUogIE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\jeokcEgw.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (3508 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VwMYgMYc.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\HmAUogIE.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VwMYgMYc.bat (0 bytes)
The process %original file name%.exe:816 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\HGkMYUoM.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\cAQoYcMQ.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\cAQoYcMQ.bat (0 bytes)
The process %original file name%.exe:3836 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\gOgIQkkw.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kGEYEQIo.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\gOgIQkkw.bat (0 bytes)
The process %original file name%.exe:336 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\UOwUkQgs.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qkIQcooc.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\qkIQcooc.bat (0 bytes)
The process %original file name%.exe:3764 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\BAEwgQIc.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\oOkogEgk.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\BAEwgQIc.bat (0 bytes)
The process %original file name%.exe:3768 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\JYssgwcI.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\EoYUUAYI.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\EoYUUAYI.bat (0 bytes)
The process %original file name%.exe:3492 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\VYQgEsAs.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JywEokow.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\VYQgEsAs.bat (0 bytes)
The process %original file name%.exe:2656 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\OaAsQsoU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\iuEkMcwk.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\OaAsQsoU.bat (0 bytes)
The process %original file name%.exe:1956 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\bCQsQAYQ.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZOwEMcoA.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\bCQsQAYQ.bat (0 bytes)
The process %original file name%.exe:4036 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\pSQYYAIc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fCocgooY.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\fCocgooY.bat (0 bytes)
The process %original file name%.exe:3408 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\gIMkIYUY.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZeMQEAko.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\gIMkIYUY.bat (0 bytes)
The process %original file name%.exe:3672 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\kIkoMkUU.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MowkcEcI.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\MowkcEcI.bat (0 bytes)
The process %original file name%.exe:2452 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\GoQIookk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LaswEYMc.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\LaswEYMc.bat (0 bytes)
The process %original file name%.exe:3640 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\uickkkcQ.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GmEEYgQo.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\GmEEYgQo.bat (0 bytes)
The process %original file name%.exe:2552 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\oeUkUUYE.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bGQQIcwM.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\oeUkUUYE.bat (0 bytes)
The process %original file name%.exe:1060 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\jeMYMYQc.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\NYgMUMEM.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\NYgMUMEM.bat (0 bytes)
The process %original file name%.exe:2992 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\IsggMMwM.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UUcAoAYg.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\UUcAoAYg.bat (0 bytes)
The process %original file name%.exe:3240 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\cmUMQcsw.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GsEMQAwM.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\GsEMQAwM.bat (0 bytes)
The process %original file name%.exe:2396 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\xsQscAkc.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZukEsAIs.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ZukEsAIs.bat (0 bytes)
The process %original file name%.exe:2412 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\rQksgwIU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aoscQUEM.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\aoscQUEM.bat (0 bytes)
The process %original file name%.exe:532 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\oKMkgwQQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BCwIYIsA.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\BCwIYIsA.bat (0 bytes)
The process %original file name%.exe:296 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\XsIQoQYk.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bQEYQkUI.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\bQEYQkUI.bat (0 bytes)
The process %original file name%.exe:3848 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\AAgskYkI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xokokIkI.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\AAgskYkI.bat (0 bytes)
The process %original file name%.exe:1380 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\KakYEkYc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ROQMgkoE.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ROQMgkoE.bat (0 bytes)
The process %original file name%.exe:2252 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\VQMwEsow.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IMkQIMMM.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\IMkQIMMM.bat (0 bytes)
The process %original file name%.exe:1908 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nesYAIUc.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZGYAIMQY.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ZGYAIMQY.bat (0 bytes)
The process %original file name%.exe:196 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\jYEcIAMU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TQgEwsEQ.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\TQgEwsEQ.bat (0 bytes)
The process %original file name%.exe:3944 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\KqssMAgk.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\jQckIcoQ.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\KqssMAgk.bat (0 bytes)
The process %original file name%.exe:1924 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\dqgUkogU.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FYgUooYA.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\FYgUooYA.bat (0 bytes)
The process %original file name%.exe:3148 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\goEIQQQQ.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\AEUYkogM.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\goEIQQQQ.bat (0 bytes)
The process %original file name%.exe:2068 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\RQocoIAI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\poAsoksQ.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\poAsoksQ.bat (0 bytes)
The process %original file name%.exe:3384 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\dWIAgsww.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LqYMwQAk.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\LqYMwQAk.bat (0 bytes)
The process %original file name%.exe:628 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\SmIAIEAw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LsUMoIAc.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\LsUMoIAc.bat (0 bytes)
The process %original file name%.exe:2300 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\AqUsAggo.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kSMgMkcE.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\AqUsAggo.bat (0 bytes)
The process %original file name%.exe:4048 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\YMAYUEgo.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CuckIkoI.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\CuckIkoI.bat (0 bytes)
The process %original file name%.exe:2380 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\WCQMIsMs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\sWAMQYgU.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\sWAMQYgU.bat (0 bytes)
The process %original file name%.exe:1652 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\AgcYEgYw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\wIkIIQwA.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\AgcYEgYw.bat (0 bytes)
The process %original file name%.exe:2072 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\SigQMIwc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lSAogUoA.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\SigQMIwc.bat (0 bytes)
The process %original file name%.exe:2668 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\tkAggsgo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LGkAgAUM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\oEIgQQMQ.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (3508 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bGUsUcks.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\oEIgQQMQ.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bGUsUcks.bat (0 bytes)
The process %original file name%.exe:308 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\wUkAIkoU.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\peoIIEkc.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\wUkAIkoU.bat (0 bytes)
The process %original file name%.exe:2440 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\QyAwosIU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GywYksME.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\GywYksME.bat (0 bytes)
The process %original file name%.exe:2768 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\fyAkUAIg.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JKckQUUI.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\fyAkUAIg.bat (0 bytes)
The process %original file name%.exe:3816 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\hWwoAAUM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CkMswcAA.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\CkMswcAA.bat (0 bytes)
The process %original file name%.exe:2936 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\uMYsYQYg.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LCAMYAoQ.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\uMYsYQYg.bat (0 bytes)
The process %original file name%.exe:1336 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\COowEQUI.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tOMEoAQE.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\tOMEoAQE.bat (0 bytes)
The process %original file name%.exe:2284 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\VMccwoEU.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\jYcUgYkQ.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\jYcUgYkQ.bat (0 bytes)
The process %original file name%.exe:1632 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\tckUUUIY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CggMEsEY.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\tckUUUIY.bat (0 bytes)
The process %original file name%.exe:2884 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\yaEEwIwg.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kGIEkIQI.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\kGIEkIQI.bat (0 bytes)
The process %original file name%.exe:3264 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\UqsMAMkA.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\yooMMkQY.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\UqsMAMkA.bat (0 bytes)
The process %original file name%.exe:3552 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ymMMYcwM.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RkAokEEg.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ymMMYcwM.bat (0 bytes)
The process %original file name%.exe:4056 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\QegwskMs.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UUoEYoIo.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\QegwskMs.bat (0 bytes)
The process %original file name%.exe:3464 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\bgAQQMsQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lIUAAEgM.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\lIUAAEgM.bat (0 bytes)
The process %original file name%.exe:1636 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\PsYcYYow.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FmMcwYkM.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\FmMcwYkM.bat (0 bytes)
The process %original file name%.exe:3460 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\CyEcIsYc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XmMwMckQ.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\XmMwMckQ.bat (0 bytes)
The process %original file name%.exe:3500 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\zWgwYoAk.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\sagIIgcc.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\zWgwYoAk.bat (0 bytes)
The process %original file name%.exe:2572 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\zqQcsMMA.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsIIMsYk.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\RsIIMsYk.bat (0 bytes)
The process %original file name%.exe:1648 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\GKsIEgkg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UmsMYEYg.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\UmsMYEYg.bat (0 bytes)
The process %original file name%.exe:1240 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\FugwQUMM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MeoQAggY.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\FugwQUMM.bat (0 bytes)
The process %original file name%.exe:2676 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\zicokgcE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nqkEQsUA.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nqkEQsUA.bat (0 bytes)
The process %original file name%.exe:436 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\UAYIIQIY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KWoQUQMY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\AOscQUYc.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (3508 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LyowocII.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\AOscQUYc.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LyowocII.bat (0 bytes)
The process %original file name%.exe:3220 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\MsgMoMoI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MkwIEcgk.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\MsgMoMoI.bat (0 bytes)
The process %original file name%.exe:2372 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nCoEsYcY.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rEgIoYAg.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\rEgIoYAg.bat (0 bytes)
The process %original file name%.exe:2616 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\IwYQUQgU.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BQYYAAkc.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\IwYQUQgU.bat (0 bytes)
The process %original file name%.exe:3596 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\RmscUoQo.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dgQEocQY.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\RmscUoQo.bat (0 bytes)
The process %original file name%.exe:3616 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\GQIsEEoI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gsYMowUU.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (3508 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dcgcQosA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xQsYIocM.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\gsYMowUU.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dcgcQosA.bat (0 bytes)
The process %original file name%.exe:3232 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\rAIQQMwE.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PoMokkss.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\PoMokkss.bat (0 bytes)
The process %original file name%.exe:2920 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\bOAgQUwE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xqMkYEAo.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\xqMkYEAo.bat (0 bytes)
The process %original file name%.exe:2456 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\oqMgQMYE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lygMYQss.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\lygMYQss.bat (0 bytes)
The process %original file name%.exe:2924 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rCswwQgg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JcgIsAUM.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\JcgIsAUM.bat (0 bytes)
The process %original file name%.exe:456 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\okEwUgMY.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dMsMAAIY.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\okEwUgMY.bat (0 bytes)
The process %original file name%.exe:332 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WakEwkkM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JAoEUEUI.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\JAoEUEUI.bat (0 bytes)
The process %original file name%.exe:3604 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\gscEYoUw.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SwQkYAMA.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\SwQkYAMA.bat (0 bytes)
The process %original file name%.exe:3124 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\wEEMsMIU.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RkUEogQg.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\wEEMsMIU.bat (0 bytes)
The process %original file name%.exe:2196 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\JwEMAwco.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ROMMAIoI.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\JwEMAwco.bat (0 bytes)
The process %original file name%.exe:3008 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\TmoIIYok.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mQUEYMcQ.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\TmoIIYok.bat (0 bytes)
The process %original file name%.exe:1900 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\JaQQQAUg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\sucwMAok.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xwwUMgMw.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (3508 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pUYYkYMg.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\xwwUMgMw.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pUYYkYMg.bat (0 bytes)
The process %original file name%.exe:2472 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\mwoUUQok.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TAIoQQMs.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\TAIoQQMs.bat (0 bytes)
The process %original file name%.exe:2200 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nKgcQAgs.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KwkcwkoA.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\KwkcwkoA.bat (0 bytes)
The process %original file name%.exe:2568 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\NuEoAYIA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LiksMkkI.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\LiksMkkI.bat (0 bytes)
The process %original file name%.exe:3216 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\msIkoIEM.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gIEEwoQE.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\gIEEwoQE.bat (0 bytes)
The process %original file name%.exe:2052 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\zMEAIQIE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DowAgooQ.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\DowAgooQ.bat (0 bytes)
The process %original file name%.exe:4064 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\qsAkwswk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\iQEswoAc.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\iQEswoAc.bat (0 bytes)
The process %original file name%.exe:2056 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\eucYQock.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\eqQQEEQs.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\eucYQock.bat (0 bytes)
The process %original file name%.exe:3512 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\qUcMAsUg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JyAMwsEw.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\qUcMAsUg.bat (0 bytes)
The process %original file name%.exe:3692 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\MsIEkMkM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tAYQUwMA.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\tAYQUwMA.bat (0 bytes)
The process %original file name%.exe:1584 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ccEkEEIw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xeIgsoEg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VmUgkwsg.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (3508 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SyYUAwsE.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\xeIgsoEg.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SyYUAwsE.bat (0 bytes)
The process %original file name%.exe:656 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\KgsosYQM.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ywUQsIwY.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ywUQsIwY.bat (0 bytes)
The process %original file name%.exe:652 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\eSEwMgQc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\EuQQIcMA.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\eSEwMgQc.bat (0 bytes)
The process %original file name%.exe:2368 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\kCgkEQgo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\heUoIEMk.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\kCgkEQgo.bat (0 bytes)
The process %original file name%.exe:2684 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\QwwwMgss.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rUYMokkk.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\QwwwMgss.bat (0 bytes)
The process %original file name%.exe:3084 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\gGsEIggU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VYoIogoU.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\VYoIogoU.bat (0 bytes)
The process %original file name%.exe:2112 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\WEAkYoEU.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fgwgwwgI.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\WEAkYoEU.bat (0 bytes)
The process %original file name%.exe:2364 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\Lmcwkowg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZOQsMMwo.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ZOQsMMwo.bat (0 bytes)
The process %original file name%.exe:3896 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\KCMAUYUs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CoAkEcgQ.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\CoAkEcgQ.bat (0 bytes)
The process %original file name%.exe:3080 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\MAsoEEAw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qeUMUMUI.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\MAsoEEAw.bat (0 bytes)
The process %original file name%.exe:2116 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\UMMooEwQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GWggkcYE.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (3508 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GAoAIcQU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kiAsIwww.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\GWggkcYE.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GAoAIcQU.bat (0 bytes)
The process %original file name%.exe:1212 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\SiYkUsUM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mYgkoUkA.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\mYgkoUkA.bat (0 bytes)
The process %original file name%.exe:2584 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\IKAYogsg.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\zqowMQkY.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\zqowMQkY.bat (0 bytes)
The process %original file name%.exe:2580 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\OOgIsYcA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qogIYEYE.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\OOgIsYcA.bat (0 bytes)
The process %original file name%.exe:2628 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\EOkMQIQI.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\sAAgQUAo.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\sAAgQUAo.bat (0 bytes)
The process %original file name%.exe:3608 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aoUwQwMI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HAEoAQcQ.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\aoUwQwMI.bat (0 bytes)
The process %original file name%.exe:3072 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\sIwMEwsQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gEsEQUEU.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\sIwMEwsQ.bat (0 bytes)
The process %original file name%.exe:2180 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\xCcwgIgM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\YogUMkcs.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\xCcwgIgM.bat (0 bytes)
The process %original file name%.exe:3728 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\UQoMgwYU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tkYEAMYU.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\tkYEAMYU.bat (0 bytes)
The process %original file name%.exe:3112 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\oAwEQocY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\NuckEQcU.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\NuckEQcU.bat (0 bytes)
The process %original file name%.exe:3528 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\LAEEokEw.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JQAAswsI.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\LAEEokEw.bat (0 bytes)
The process %original file name%.exe:3884 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\jAkskQsU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FsUQIIUc.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\FsUQIIUc.bat (0 bytes)
The process %original file name%.exe:2896 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\qsEAYgEQ.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UwkksUAs.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\qsEAYgEQ.bat (0 bytes)
The process %original file name%.exe:2892 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\AmIIcYgg.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\iGAYgAwE.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\AmIIcYgg.bat (0 bytes)
The process %original file name%.exe:3212 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\AWMQgkMw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\AGgEYMks.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\AWMQgkMw.bat (0 bytes)
The process %original file name%.exe:2516 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\fyEksIsU.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XsEIUwQs.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\fyEksIsU.bat (0 bytes)
The process %original file name%.exe:2080 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\IAwAkgcM.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qKIEsQkY.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\IAwAkgcM.bat (0 bytes)
The process %original file name%.exe:4080 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\NWcAYsQY.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HsQQYoEE.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\NWcAYsQY.bat (0 bytes)
The process %original file name%.exe:2736 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\gywYwQsY.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\hSEAEoEA.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\hSEAEoEA.bat (0 bytes)
The process %original file name%.exe:3864 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\AeMYgEEM.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ACgYcooA.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ACgYcooA.bat (0 bytes)
The process %original file name%.exe:1928 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\MgAUYocw.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lgAcssco.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\lgAcssco.bat (0 bytes)
The process %original file name%.exe:2948 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\xGcUkAks.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BGwIkscM.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\xGcUkAks.bat (0 bytes)
The process %original file name%.exe:232 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\qUoYkssU.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\iWQQcgMY.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\iWQQcgMY.bat (0 bytes)
The process %original file name%.exe:2136 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\GcwkIAMA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RQEgQIQs.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\RQEgQIQs.bat (0 bytes)
The process %original file name%.exe:3348 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\lIMkcEAk.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\oywIwYow.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\oywIwYow.bat (0 bytes)
The process %original file name%.exe:2132 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\SGcQwAQk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HEkYoUsU.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\HEkYoUsU.bat (0 bytes)
The process %original file name%.exe:3100 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\KUIQEgMQ.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fgcYgEEY.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\KUIQEgMQ.bat (0 bytes)
The process %original file name%.exe:1612 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\OmMUgkME.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xoUUIEMc.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\xoUUIEMc.bat (0 bytes)
The process %original file name%.exe:3184 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\iSAskYwk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\vAkQgIoE.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\vAkQgIoE.bat (0 bytes)
The process %original file name%.exe:320 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\SWUwUAAU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aaAwAEAQ.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\SWUwUAAU.bat (0 bytes)
The process %original file name%.exe:2508 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\huMwssgc.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PosYcAUc.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\huMwssgc.bat (0 bytes)
The process %original file name%.exe:2748 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\EUscEYYM.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SMcYMUcA.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\SMcYMUcA.bat (0 bytes)
The process %original file name%.exe:3872 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\OesMsIQw.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WQIcskQw.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\WQIcskQw.bat (0 bytes)
The process %original file name%.exe:2500 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\cAkMUoYw.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QekMQcsI.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\cAkMUoYw.bat (0 bytes)
The process %original file name%.exe:3916 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\qOwIAoEc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QIowwkoc.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\qOwIAoEc.bat (0 bytes)
The process %original file name%.exe:204 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ikMIsMEM.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QeYwgAMg.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\QeYwgAMg.bat (0 bytes)
The process %original file name%.exe:2640 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\UCEMkQQM.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\auEoAEEY.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\auEoAEEY.bat (0 bytes)
The process %original file name%.exe:3476 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\gKgYckcs.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\liAYUMMY.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\gKgYckcs.bat (0 bytes)
The process %original file name%.exe:3052 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\WukUIMQw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nMwooAwg.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\WukUIMQw.bat (0 bytes)
The process %original file name%.exe:3704 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\dOAgcUIg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\coswwkcw.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\coswwkcw.bat (0 bytes)
The process %original file name%.exe:3780 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\tuEwAsso.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tkkEwMgs.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\tkkEwMgs.bat (0 bytes)
The process %original file name%.exe:1804 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ncQUcoIY.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\iigwMMAk.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\iigwMMAk.bat (0 bytes)
The process %original file name%.exe:3788 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\IOsYsoEU.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\liUYEgsM.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\IOsYsoEU.bat (0 bytes)
The process %original file name%.exe:3524 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\WUMgwIUA.bat (112 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LMYwcUso.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\LMYwcUso.bat (0 bytes)
The process %original file name%.exe:3424 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\VaEUkMwU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nmAUYcQI.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nmAUYcQI.bat (0 bytes)
The process %original file name%.exe:472 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\YUkoAIYI.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\zMIUskgI.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\YUkoAIYI.bat (0 bytes)
The process %original file name%.exe:3196 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\lcgwkcog.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\zuYcYYIE.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\zuYcYYIE.bat (0 bytes)
The process %original file name%.exe:808 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\QAEAkwQE.bat (112 bytes)
%Documents and Settings%\All Users\JuwEIgUE\reIEcoQI.exe (3825 bytes)
%Documents and Settings%\%current user%\dUskcAww\fGAwoYMM.exe (4137 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LsUoEUQc.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\All Users\hcYYccwo\NesIMIQs.exe (3921 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\LsUoEUQc.bat (0 bytes)
The process NesIMIQs.exe:1208 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Documents\My Music\Sample Music\New Stories (Highway Blues).wma.exe (7726 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\adm.bmp.exe (2321 bytes)
C:\totalcmd\TOTALCMD.EXE.exe (30812 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Sunset.jpg.exe (3073 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\guest.bmp.exe (2321 bytes)
C:\totalcmd\TCMADMIN.EXE.exe (3073 bytes)
C:\totalcmd\TcUsbRun.exe (3073 bytes)
C:\totalcmd\TCUNINST.EXE.exe (3073 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\KAAo.txt (55978 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.exe (7433 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Blue hills.jpg.exe (3073 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Water lilies.jpg.exe (3361 bytes)
C:\totalcmd\TCMDX32.EXE.exe (3361 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Winter.jpg.exe (3361 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Adobe\Reader 9.3\Setup Files\Setup.exe (5441 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp.exe (2321 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp (0 bytes)
%Documents and Settings%\All Users\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp (0 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Blue hills.jpg (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp (0 bytes)
%Documents and Settings%\All Users\Documents\My Music\Sample Music\New Stories (Highway Blues).wma (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp (0 bytes)
C:\totalcmd\TCUNINST.EXE (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp (0 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Water lilies.jpg (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp (0 bytes)
C:\totalcmd\TCMADMIN.EXE (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\guest.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\adm.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp (0 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Sunset.jpg (0 bytes)
C:\totalcmd\TCMDX32.EXE (0 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Winter.jpg (0 bytes)
C:\totalcmd\TOTALCMD.EXE (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp (0 bytes)
Registry activity
The process cscript.exe:2712 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "29 C7 45 DA 98 2B 37 A9 FE DA F6 64 23 94 49 52"
The process cscript.exe:2964 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3E E2 A2 B1 B9 2D FD A9 10 35 F7 47 3F 56 23 EF"
The process cscript.exe:3576 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "60 C6 BB 80 C4 C7 47 29 10 BC 15 3E C4 B7 2B 52"
The process cscript.exe:212 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E9 5B 2A 56 41 07 EC A2 51 6F F8 28 6E A3 B1 C7"
The process cscript.exe:3712 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "87 0C 7B D7 F5 B4 E2 18 F5 9F 1A A3 9B 99 B7 10"
The process cscript.exe:2844 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5D C6 9D 49 DA 49 90 94 5F D2 8D 28 D8 7E E2 F2"
The process cscript.exe:1308 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D0 CC 23 B9 5F 42 E8 09 86 FA 77 D4 78 41 ED 78"
The process cscript.exe:2096 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6D 3C 3B C4 B2 7F 7C D2 53 81 75 A1 CA 1C 14 81"
The process cscript.exe:2092 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0A 9F 34 85 BB AC 58 5E 5D 5D D8 3A 83 A3 1C 81"
The process cscript.exe:3652 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "09 B6 0C F7 2D A0 77 85 8A 37 8E 0A FD 7A E1 27"
The process cscript.exe:2524 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8B D7 22 81 73 1F F8 F4 45 5E AA 77 D4 5F 54 45"
The process cscript.exe:3172 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B3 C8 54 2E FC DA 64 E5 F1 98 96 CD C0 93 E0 3C"
The process cscript.exe:3856 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "28 A4 90 60 4D 24 AA C6 B2 85 B3 64 E8 27 DE C0"
The process cscript.exe:2404 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BF C6 BB 31 25 9A 1E F7 2A 40 CC 56 E6 5C B0 B9"
The process cscript.exe:3852 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7E 0E B7 23 89 CC DB 7A 18 EC 5C D5 09 88 D5 47"
The process cscript.exe:2400 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F5 46 7D 13 85 41 19 6A 41 5C 57 53 B0 32 B7 A9"
The process cscript.exe:1676 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D3 88 25 50 F4 BD 42 03 00 5C 64 94 83 2E ED 9E"
The process cscript.exe:2464 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EC 6A 15 03 57 AD B3 15 BA 3E F8 37 59 C2 E9 80"
The process cscript.exe:1316 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "12 A2 8E CA 9C 02 04 18 7D 05 42 23 05 CC 2B 7F"
The process cscript.exe:3884 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E4 D3 22 D4 B2 1A 38 DF 67 18 49 25 DA 76 71 1E"
The process cscript.exe:1920 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B7 E9 C3 FE 0A F3 C4 78 5B 46 6C CC EC 29 58 29"
The process cscript.exe:3936 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D1 AA A1 9D 2C A5 5F 75 69 D2 27 3A 60 EB B9 7F"
The process cscript.exe:1796 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E1 EC 27 28 9D FD 08 89 35 6C B6 90 60 35 D9 30"
The process cscript.exe:3332 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "62 A0 7E 87 BB 3C 0F A6 89 C3 FA 31 B3 79 2C 57"
The process cscript.exe:1496 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FF 34 E3 0F B0 14 72 31 0B 06 26 10 DE CA 69 1D"
The process cscript.exe:264 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D0 58 80 9F B9 7C 1C 16 C3 F3 DC 1C 29 60 D5 69"
The process cscript.exe:3408 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "95 3B 72 9F 4B B6 81 EE 83 75 B9 28 C4 7C 44 35"
The process cscript.exe:3756 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "95 E5 5E 6F 35 70 36 D0 A5 C1 8E 3D 27 4B F3 E5"
The process cscript.exe:3248 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "99 B4 84 4F C5 12 62 D5 73 88 EB 68 03 D2 BC 15"
The process cscript.exe:2556 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8A 9B CB 81 4F D0 31 83 5D BB B6 87 6E A2 74 40"
The process cscript.exe:2492 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D0 4A 48 34 78 F4 DF 3D F9 90 61 0B C9 7C 9E 8C"
The process cscript.exe:3032 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "36 E0 37 07 F3 E5 E1 D4 AE D3 F0 D2 53 DB 01 37"
The process cscript.exe:3244 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CE C9 BE D3 18 70 EA 79 D5 00 07 0A DD CD E9 B5"
The process cscript.exe:2416 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C8 3E 22 40 47 B7 BF AD 49 34 30 F4 A2 4D 45 CB"
The process cscript.exe:2060 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D5 5D A0 23 0C 9A C5 90 6B AA 70 C4 52 83 94 A1"
The process cscript.exe:2256 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B6 DA 3D FB C9 C7 26 26 34 FA F2 F3 87 19 F0 B0"
The process cscript.exe:2148 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "30 F6 03 E2 67 06 C8 6B 79 0B F3 DE E8 78 75 91"
The process cscript.exe:3772 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "81 48 DE 3C BE D2 46 43 31 9B 94 D4 A4 4C 10 CF"
The process cscript.exe:3776 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8B 3D F1 2C 1C 6F 36 41 A4 0F D0 D1 4C 41 50 C3"
The process cscript.exe:1324 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "21 A3 DE A9 FF 5B 05 C6 94 C0 1F EF 38 2B D9 60"
The process cscript.exe:3628 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8C EC 81 A2 2E 0F BC 00 EA BC 41 FF 92 24 FA 51"
The process cscript.exe:2908 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "34 0A 9B F8 D3 B4 33 2E B9 59 AD 08 E3 C5 38 2B"
The process cscript.exe:3828 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CB 32 5A F0 A2 23 77 46 03 F7 F5 FC C0 D1 DE 95"
The process cscript.exe:332 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B2 2E 76 43 97 E7 C3 8D 95 6F 88 B7 BE B8 0B C3"
The process cscript.exe:3272 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "20 BE F2 13 07 F4 FA 18 8F 4A ED 06 75 6E FC 4E"
The process cscript.exe:2824 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6F 85 86 EB C4 90 CC 76 50 D9 74 28 49 90 2E 64"
The process cscript.exe:3676 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "31 6F 4E 93 C3 D9 7F 8A 9B 66 F5 FE EB CC 55 AE"
The process cscript.exe:4044 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EE AC 62 93 28 8B 82 6E FF 2B 3F 5F E9 5E 05 B0"
The process cscript.exe:1712 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8F 04 E2 58 4A 88 87 F8 5B 12 4F E9 EF 25 08 67"
The process cscript.exe:2780 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BB C6 20 A2 4A CB 2C 01 8F 44 48 E3 F8 A1 52 8F"
The process cscript.exe:2544 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "92 77 A2 FA ED F9 21 44 03 59 3D 45 70 FE EB 94"
The process cscript.exe:2300 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5B 74 CD 05 FF A3 34 C7 16 58 0E 80 31 7E F4 BC"
The process cscript.exe:2980 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "03 22 A8 9F BC 84 F8 37 BD ED D0 2A 56 42 CF 50"
The process cscript.exe:2304 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2B 08 9F 61 26 50 7C 07 BD 31 72 0C 29 E2 47 C5"
The process cscript.exe:2268 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D2 4B CB DA 37 23 25 DB D7 C8 46 CB 6E 5C 1D BC"
The process cscript.exe:2388 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9C 06 76 C5 F8 26 62 0D 78 1A AA EB 8C 41 80 EF"
The process cscript.exe:364 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A0 20 69 6F 78 B9 63 1D B8 FA 39 E3 70 B7 1C CF"
The process cscript.exe:2076 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D1 78 E8 D6 29 A0 41 61 D1 81 4A FB 04 6D D6 27"
The process cscript.exe:2288 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C0 E4 3B 28 B0 5B 33 53 00 1A 9D 58 AC 27 02 F5"
The process cscript.exe:3664 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "37 09 68 FF 48 74 E3 D8 D6 D4 2C 85 D2 3E 5F FD"
The process cscript.exe:2444 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D7 76 8C E6 19 F6 B5 17 C5 B5 0F 5D 62 54 D7 03"
The process cscript.exe:3952 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "66 E8 22 D3 9F AA 9A 89 87 0F CA CD 4E 41 0B CB"
The process cscript.exe:2932 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8C 96 85 D1 2C AF 2A 97 94 33 D4 18 AD AE FA D5"
The process cscript.exe:3956 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EE C6 78 23 22 D8 71 25 C8 1C 47 69 D3 7D 2A CA"
The process cscript.exe:3152 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8C 57 C6 41 42 58 5C DF 3C 3A 28 12 1F 3F 67 4C"
The process cscript.exe:3456 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AD 50 5E 61 D2 EE 67 A0 CC 0E 98 E5 14 19 A4 6F"
The process cscript.exe:3312 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "15 87 DC 6F BE 0C 58 F3 79 BA B9 0E D1 A1 4D 2A"
The process cscript.exe:2832 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C5 DF D1 5B 9F F2 0F 05 E5 6F 17 83 A4 F8 C8 29"
The process cscript.exe:3316 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5F 89 16 9A AD 95 89 D8 A1 84 C3 50 EC 1A 92 42"
The process cscript.exe:2452 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AB 2F 6A 62 C6 93 16 74 AA BA 39 6E BF F8 F5 FB"
The process cscript.exe:4056 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E9 7F BA 89 91 EC E1 AB 4D 53 2A 4A D0 15 9B 94"
The process cscript.exe:2044 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8E C4 37 3D 53 AB 43 8E 7C E8 29 1E 9A 08 6F 39"
The process cscript.exe:3464 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FC F3 22 C6 BB F6 C0 9D 20 D3 A0 15 3C C6 90 AF"
The process cscript.exe:3212 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CF 07 EF 99 60 C4 04 6F E7 C0 E9 D0 D7 F5 3B 9B"
The process cscript.exe:3396 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "51 C9 90 A4 83 67 DE D1 C6 B2 B4 6A DD 00 4C AE"
The process cscript.exe:3012 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "42 79 CD 64 72 36 2A 43 79 EA A6 89 7D DF E6 56"
The process cscript.exe:3504 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A7 0E AE 9A 09 A0 3E DC A5 85 88 79 85 DD E5 53"
The process cscript.exe:1240 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AF 2B 02 D2 EA 2D 56 F9 3C 5F D4 0C 93 36 A3 0D"
The process cscript.exe:2168 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E7 F9 1C C8 12 68 75 90 65 B9 C8 02 6E 61 FC 12"
The process cscript.exe:3512 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3E 10 F7 8D 37 0D 44 AE A8 0D 98 6B DB 33 70 A9"
The process cscript.exe:432 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "86 63 F7 01 EA 11 E2 2E 04 6A 2B 3E F1 4E 4F DE"
The process cscript.exe:2616 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9B 6D FD 38 5D 60 11 3D B0 1B 17 0F 91 9F 09 1A"
The process cscript.exe:3612 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4D F2 BA 1A 2E 59 9D D5 EB 41 A3 78 AE 1C C9 D7"
The process cscript.exe:2612 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F2 A9 D5 B5 0C 46 6A 72 84 4F D5 97 22 3A 26 2B"
The process cscript.exe:624 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DA 6C BC 33 E4 28 3F 3F D1 7D 07 E8 05 58 C8 4B"
The process cscript.exe:3804 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B8 7A 80 EC 14 59 60 59 E3 F3 F7 1F 00 24 C9 5F"
The process cscript.exe:2296 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "03 8D 83 5F C7 B1 4D 01 36 B9 A3 D4 11 6B 22 97"
The process cscript.exe:1228 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "21 FE 3D 58 5A C1 67 A2 AF 48 BB 3B F8 7E 48 3C"
The process cscript.exe:3004 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "18 9A 08 5F C7 A4 D3 98 A1 E1 71 C5 B4 22 7B 78"
The process cscript.exe:2808 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "04 81 A0 D2 74 DB 18 9F 84 7E B4 57 5F A7 A9 CE"
The process cscript.exe:3268 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7B ED 25 0F 93 C1 2A 0C 06 C9 F8 06 E5 53 64 8B"
The process cscript.exe:252 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F1 8C E3 2F BF FC 2F 71 67 DC 27 C3 55 9C 97 20"
The process cscript.exe:4084 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7B 72 B9 2E D2 F1 A4 63 5A 62 D2 EA 3B 98 4E F0"
The process cscript.exe:172 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "63 0B AF 3E D3 BD 84 8B 6C 10 35 6E E4 23 30 4B"
The process cscript.exe:1632 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B9 B7 00 33 56 7D 23 2F F4 06 13 17 C9 93 B7 AC"
The process cscript.exe:2204 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FE 3D 6B 53 5B 14 C0 A8 28 23 8C 2E 11 94 5E F3"
The process cscript.exe:1980 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "18 74 7F E3 C6 C4 7A 42 85 FD E5 73 68 94 0D 14"
The process cscript.exe:2056 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F7 51 F6 CF EC 32 37 2F 0E E3 2E 8D 9D 54 AB AD"
The process cscript.exe:2560 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0D D9 B1 70 E4 D3 5E 3F A1 56 0B 19 F3 19 C3 74"
The process cscript.exe:2564 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "92 7D DD E2 E7 76 E3 87 D7 BE 34 7C 8C 9E D2 84"
The process cscript.exe:3088 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B6 DC 98 92 34 6E E6 0F D2 FE 4E D8 66 01 6D A0"
The process cscript.exe:2368 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "09 FA 90 46 52 09 78 9E F3 05 B9 3C A4 5C 98 C8"
The process cscript.exe:2112 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A6 B8 0E B6 B3 5E B4 48 99 EE AA 53 06 B5 D6 70"
The process cscript.exe:3080 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "03 F2 C3 D8 FF 38 84 5B CB 64 DA 54 8B B1 B3 9B"
The process cscript.exe:2360 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BE DE 33 66 44 A9 84 01 F9 B5 B4 35 B9 C8 F3 9F"
The process cscript.exe:2428 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "77 79 2B 9D D2 93 FF 1C 60 DB 16 E6 2A BB A9 D3"
The process cscript.exe:3860 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "79 2E 54 0B 1E 3A 14 1C 27 F6 C0 20 C0 3F E9 C5"
The process cscript.exe:2152 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4B ED 37 A1 DF 6D CF 0C 21 39 29 50 4D E9 71 38"
The process cscript.exe:636 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5F 0F A7 3E 31 42 52 F1 1C AE F6 D6 C4 D5 23 BA"
The process cscript.exe:564 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C7 D6 AB 59 68 8D C3 E7 83 EA 5D 05 BE 82 54 90"
The process cscript.exe:2180 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "53 FE F1 8C 85 9F 2D CB 84 47 6E D7 B9 6E 0E 56"
The process cscript.exe:2184 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "24 83 D8 03 59 0A 7B 7B 09 0F C0 7A 3C B5 B8 C9"
The process cscript.exe:3724 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DB 75 6F C3 64 AC 5F A6 96 E4 5E 6B 9C C4 90 28"
The process cscript.exe:3284 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "55 10 B8 A5 F4 B6 14 E6 B4 30 1F 6A 3D 31 CE 0A"
The process cscript.exe:160 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CE D4 B7 66 D9 43 7B B0 D3 8A F4 39 B5 08 04 70"
The process cscript.exe:3280 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "07 C7 DF CD 91 C4 DE BC D8 0E F9 7F C9 B0 89 DB"
The process cscript.exe:2212 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DD C9 6E 80 FB 8B FD DF 9C 80 2F C1 C7 40 F1 CD"
The process cscript.exe:3448 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E1 81 F7 75 CC 83 C7 F3 7A E8 0C F4 AC FB CD 0D"
The process cscript.exe:3376 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "82 68 88 48 5C 49 6F C1 40 F5 BA F8 7D 12 C3 AA"
The process cscript.exe:3964 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "82 15 B4 2B BE 9D 51 49 EF 2F 9C 8D 40 9C 57 A7"
The process cscript.exe:2752 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CA 43 65 9F 61 F0 28 BB 06 B5 F5 5B 00 0C 9F FD"
The process cscript.exe:2352 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BE 07 DC 58 12 7D 7D 1B B6 CC 8B 88 E5 60 81 D0"
The process cscript.exe:2100 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7C 0A 62 BA AA 7B 54 BB 4B B5 1F 00 A1 2A C5 C1"
The process cscript.exe:2692 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "19 AD AC C1 FC 63 3B 0C C1 A6 7C 63 FE AB 13 4A"
The process cscript.exe:3968 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A8 44 E3 3F 55 91 E3 86 B4 32 91 D7 3E F0 CE 4C"
The process cscript.exe:2104 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4E 0D DB A2 26 8C 90 80 50 97 3D CF A0 F9 39 B3"
The process cscript.exe:2864 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FC 70 08 38 38 D8 12 C6 86 D7 23 DD BA 09 C3 89"
The process cscript.exe:2732 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D7 3A DD 0A B8 89 6E F1 C0 8D F1 AA A4 2F 0D BE"
The process cscript.exe:2868 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "19 C4 7D E3 99 8E C6 84 BA 6B B5 90 96 7F AB 34"
The process cscript.exe:2572 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "53 39 D0 CB D5 52 E9 FB B5 EC F9 7C DB AD BB 2A"
The process cscript.exe:2636 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "18 06 08 65 2C 00 67 FF 9E 74 32 B3 EC 4A F9 FD"
The process cscript.exe:3632 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "44 E3 F0 26 41 89 36 74 22 5B 75 EC 79 3B 7B 6E"
The process cscript.exe:1288 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AF 63 BA C9 E0 D2 BA 0B BE E8 37 16 CB 6D 1A 8E"
The process cscript.exe:3148 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "58 D3 96 11 AF 1C 62 33 82 5A A5 0D D3 FE B7 53"
The process cscript.exe:2816 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4E AB 53 EB EA 72 AF 3E BF 2B F2 5A 03 8F 06 DA"
The process cscript.exe:2948 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2D 93 90 14 C5 F2 24 86 75 9C 20 C2 BA FF F2 1C"
The process cscript.exe:2940 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "91 1C 96 34 7A 2B E8 E7 18 DB 41 AA 72 AD B5 0E"
The process cscript.exe:2136 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4C A7 0E BC 7C A5 69 DD 68 3E DA B2 82 20 DA EE"
The process cscript.exe:3108 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DB B2 E5 80 6F D2 75 D2 85 0D 2A D6 C8 53 69 F8"
The process cscript.exe:876 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D3 BA 66 40 E2 F7 DB 40 D0 12 99 8D 25 E8 DA 00"
The process cscript.exe:2224 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6C DF C2 5A 85 52 BC 10 4A 55 D8 CA E2 B4 56 94"
The process cscript.exe:2740 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7C 22 1D F6 7D 93 4A 41 18 1D 9A B3 0B D3 65 D5"
The process cscript.exe:1752 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6F 3E A7 93 FE EF A5 F8 65 5C DB 7E D2 DE 5B DA"
The process cscript.exe:644 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E7 F3 01 62 32 BB FD A5 21 F0 03 8A A5 12 8F 87"
The process cscript.exe:4092 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "36 14 3D E8 EC 73 90 91 57 6E BB 06 8C 01 D8 59"
The process cscript.exe:2872 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0B DE C4 B2 76 E6 9D 83 89 95 46 EC EB 42 1B E4"
The process cscript.exe:2724 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "53 F1 22 51 0C C8 B9 97 93 52 40 DA 5B 53 0C BA"
The process cscript.exe:3912 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4C 04 8F 8A B8 C2 17 C6 15 41 54 A1 9C B6 71 52"
The process cscript.exe:3708 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D0 D3 F9 21 25 EA E5 11 11 7C 9A 50 71 35 D9 A8"
The process cscript.exe:3544 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DA 79 36 3E 37 0A 5A B6 C1 AE 91 C8 09 DC 4C E3"
The process cscript.exe:2332 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5D 6D B5 50 DF 85 2B 0A 7B 8E 29 9F 46 A3 9F 63"
The process cscript.exe:3540 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8D 42 90 C2 CF 67 81 3D 3E 37 01 35 71 F7 8B C0"
The process cscript.exe:1280 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CE 2E 6D 3E AC BC D8 2D 04 E0 27 97 A2 3F E7 D1"
The process cscript.exe:2232 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "73 AB 6C E0 0F CB 11 FB 8C 32 FA B1 A7 98 DE 88"
The process cscript.exe:3220 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B3 62 0A 4C 7E E3 3A 69 B0 D7 BA 62 40 D5 5C 40"
The process cscript.exe:3104 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "70 62 AB 74 BD B3 17 FA 18 1B C7 37 F5 07 69 75"
The process cscript.exe:2000 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "99 9A 73 8D 50 C1 3C CD DF BF 24 10 06 99 47 93"
The process cscript.exe:476 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B5 B8 59 BC 11 25 DC 88 D0 65 3E 23 DC 99 10 09"
The process cscript.exe:2532 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7D 7B 60 1E 13 C4 2E F9 71 AE 0F B2 3D EB E9 D2"
The process fGAwoYMM.exe:772 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "69 24 DC 7A EB 51 96 9A 2A 4F F1 1A 1A 50 E8 F2"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"fGAwoYMM.exe" = "%Documents and Settings%\%current user%\dUskcAww\fGAwoYMM.exe"
The process reIEcoQI.exe:1216 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A5 88 9D E6 C8 46 02 6B 00 40 16 D0 B2 0C 1A 4D"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NesIMIQs.exe" = "%Documents and Settings%\All Users\hcYYccwo\NesIMIQs.exe"
The process %original file name%.exe:2964 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DC BB E9 AA 8B 1D 54 67 21 6A 26 E7 0B CE BE 13"
The process %original file name%.exe:3712 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "76 D4 3E AF 9B 3F F7 21 D7 1F 5D 14 A4 4F 2F C1"
The process %original file name%.exe:2652 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C6 50 FF 57 4D 68 BA F4 0C 4B 8E D9 1B 03 99 C7"
The process %original file name%.exe:2844 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "48 9F 28 36 1A FF 31 A7 14 4C 81 58 0B EA B8 85"
The process %original file name%.exe:1260 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "79 84 FC 6A 53 D0 58 C0 E7 A4 AA 77 15 46 B1 72"
The process %original file name%.exe:2280 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "08 E9 D3 5E 4F EC 54 EA CA 2D 35 76 7B 31 09 D1"
The process %original file name%.exe:2968 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "40 1D 34 15 3C FE 6F 69 98 90 1F 65 F9 99 91 FF"
The process %original file name%.exe:2840 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C0 4B EB 68 28 E7 EF EF 76 BF A1 EB 46 EC 3E 14"
The process %original file name%.exe:3320 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "45 02 DB 30 47 0F 13 47 74 13 0D 0D 32 33 BC 16"
The process %original file name%.exe:4024 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E8 ED D5 AD 38 DB 64 C7 D4 FD E0 59 83 5E E4 3A"
The process %original file name%.exe:2096 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BB BF F9 C2 51 DC 7A 9B 2C BA E7 1D 07 A1 E1 73"
The process %original file name%.exe:4020 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "75 99 13 ED 9A EF 48 ED 9F E2 91 B8 57 82 80 45"
The process %original file name%.exe:2092 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "94 26 3B A2 CB 7D 84 3E 53 06 7B 8C 8F 9C 12 56"
The process %original file name%.exe:3656 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "80 27 AC C8 75 17 AA 6D 83 ED B5 4A B3 A1 44 6F"
The process %original file name%.exe:3044 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "38 C0 0F 37 B5 70 EE 6B 4C 9E 55 CA 0F 4B 5C FF"
The process %original file name%.exe:3652 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4A AA 5B BF 10 0A 7F 38 A0 DD 7B F8 CB 66 30 2D"
The process %original file name%.exe:3556 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "07 E7 C0 63 CA AC DB 4D DE 98 38 A4 CE 1F AC C4"
The process %original file name%.exe:1948 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0E 0D 60 E8 DE 97 59 26 F9 AD A2 07 76 13 72 4A"
The process %original file name%.exe:2320 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AE CD 2D 81 37 03 8A 44 39 63 F3 59 50 8D AD 6E"
The process %original file name%.exe:2592 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "32 0E 01 3D 44 60 C0 C4 AC F7 82 05 14 21 75 A7"
The process %original file name%.exe:1940 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "40 4B 5C 88 D6 1A 50 33 54 92 BE 87 52 30 76 FF"
The process %original file name%.exe:2480 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "63 4D 2E 3F AE E7 AA 43 BA 11 55 95 FC F5 07 1E"
The process %original file name%.exe:2400 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FF 2D 27 3C 7A 07 38 C4 94 4C 8F E1 29 64 8B 9A"
The process %original file name%.exe:3804 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FD 2F B9 CE 8A 06 DD C6 C0 B1 19 25 EA 20 AC 38"
The process %original file name%.exe:2244 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "68 25 2C 79 EC 71 57 04 EA 72 6E 06 49 E3 FF 61"
The process %original file name%.exe:2240 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AA 31 E9 F7 04 44 3D 5B 64 12 E1 1A D7 E9 94 D0"
The process %original file name%.exe:816 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "34 14 1F BD CD E2 DF 44 70 E3 46 4D 6B A2 2A 59"
The process %original file name%.exe:3836 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "72 42 19 4C B0 E0 E4 48 46 97 20 35 92 B5 4F 55"
The process %original file name%.exe:336 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C5 D0 A9 3C 41 BC 92 DF 5C C7 13 DD A2 9D D2 E5"
The process %original file name%.exe:3764 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "99 0C B2 5C DC 4F 0F E3 3E 82 61 63 78 14 1E 53"
The process %original file name%.exe:3768 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A1 60 55 0B 2F 9D 05 9A 93 B5 C2 21 CA F6 21 64"
The process %original file name%.exe:3492 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6D 3E 9D A5 16 69 5E 39 E9 B9 70 CB 66 21 16 99"
The process %original file name%.exe:2656 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C7 74 4F 6C 6D 81 B2 64 B4 C7 C6 ED F3 59 18 A9"
The process %original file name%.exe:1956 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "83 56 C8 00 FD 01 6A B7 5B 6D D0 A9 8B 8C FA FD"
The process %original file name%.exe:4036 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C2 F1 E5 6B 3D 0A E6 B7 E6 B5 47 E8 22 9F 76 9C"
The process %original file name%.exe:3408 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1E 4B 33 DD B1 7A 02 07 3A EE 8B 98 DC BB 6E 82"
The process %original file name%.exe:3672 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B1 E3 57 39 C1 9B 14 1D 29 71 0D B6 F0 40 51 38"
The process %original file name%.exe:2452 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E7 06 F2 AF 3A AD E9 A5 FF 60 FB 9C 5E C3 09 F1"
The process %original file name%.exe:3640 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "02 CD 74 A0 AD 36 54 58 18 C7 07 08 BF 88 6D AD"
The process %original file name%.exe:2552 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "01 D0 B1 D4 57 1B 12 60 57 99 04 DF 3E 83 01 54"
The process %original file name%.exe:1060 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9D C8 2D 6F E0 8F 57 91 AF A3 DF 47 AE 99 EA F8"
The process %original file name%.exe:2992 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B5 2A 9A 0A 7D 0A 18 C6 A5 00 8D 41 52 E0 B0 21"
The process %original file name%.exe:3240 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A2 36 CD 7D D6 2A 8E EE E1 F2 97 C3 10 3B 22 A4"
The process %original file name%.exe:2396 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "79 9F 16 D2 98 16 23 AE 44 AE C7 54 C2 A3 B3 6E"
The process %original file name%.exe:2412 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "37 9F C4 23 5B 59 F9 2C 09 3B 71 CB 9D E0 BA D2"
The process %original file name%.exe:532 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CF D6 FE E8 BF D1 85 3B 61 63 92 E8 62 E9 96 1D"
The process %original file name%.exe:296 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CA D7 FC 14 B2 41 66 18 18 44 C9 C1 4D 18 5D 62"
The process %original file name%.exe:3848 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FD 56 D8 23 81 82 E6 B3 CB 04 BB 94 62 38 79 7A"
The process %original file name%.exe:1380 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6C 7B 33 7A 10 90 B0 1B CE 7E 66 31 06 D4 1D 84"
The process %original file name%.exe:2252 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "96 3E F2 FA A3 D9 FC 85 5A C6 BB 4B 33 44 F1 FB"
The process %original file name%.exe:1908 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B2 0B FA A2 8C 20 0D 09 5D B1 09 01 20 B4 BA 14"
The process %original file name%.exe:196 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "25 95 FB 0D 3C 9B 87 72 47 CF 88 FF 69 CE DD 8F"
The process %original file name%.exe:3944 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "04 27 3D 11 04 01 38 17 12 6C EF 8B 9F A0 AE EA"
The process %original file name%.exe:1924 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A9 EA 6B 3B 70 C5 E7 2F AD 39 DA 55 E2 2A C6 28"
The process %original file name%.exe:3148 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2E 76 E4 3F C0 A6 9B A4 4A 53 DB E3 F0 BF F1 5E"
The process %original file name%.exe:2068 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A3 03 7B E1 BF 5D D7 D2 14 F7 30 34 B2 C8 D5 26"
The process %original file name%.exe:3384 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CE 59 C3 D4 F8 85 0D EA 84 0E EA 0B 10 B7 D9 74"
The process %original file name%.exe:628 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F3 5D 38 B9 C0 E2 5C EA B6 CF 14 51 B1 90 BC F9"
The process %original file name%.exe:2300 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D6 E1 D2 41 7F CD EF 2E 45 7B C4 AD 5E 8A 5F CC"
The process %original file name%.exe:4048 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8B 81 27 BF E5 A1 76 9B BF 74 4A B5 4A C7 D7 45"
The process %original file name%.exe:2380 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D2 DC 23 81 DB 73 59 79 38 F6 A3 BE 5B 85 9D 83"
The process %original file name%.exe:1652 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B1 5E 63 A4 9D 4A BB 6E 43 92 7C B7 DF D9 DC 27"
The process %original file name%.exe:2072 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B8 80 91 22 9A 8C 28 20 44 83 C8 91 3F 70 36 EC"
The process %original file name%.exe:2668 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "97 69 6C 21 7E 52 DD 75 4E 47 14 B4 16 D9 14 EE"
The process %original file name%.exe:308 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DB 4E 4F 7B E1 64 95 1D 6F F6 6F DC 08 1A 96 42"
The process %original file name%.exe:2440 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FE 40 67 EC A0 B3 2E 67 5D F0 93 78 1C 46 79 DF"
The process %original file name%.exe:2768 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "22 B7 8A 6F 06 C4 66 AA 9F 6E DD 94 05 6F C8 7B"
The process %original file name%.exe:3816 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "75 BF 9C B2 CE 7A 30 D3 08 11 3C 27 BF 93 C0 4C"
The process %original file name%.exe:2936 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FF 98 D5 36 13 F2 A9 A3 5D 88 5D 38 FD E8 75 EA"
The process %original file name%.exe:1336 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "09 1D C2 02 F2 6D 03 1F FA 6F FD 65 64 4C 28 0A"
The process %original file name%.exe:2284 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "02 41 AE B7 36 7D 35 5D A4 A0 92 5E 2B 91 28 87"
The process %original file name%.exe:1632 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "52 22 39 10 24 76 4C 80 F4 45 84 9C 74 1F BE 4E"
The process %original file name%.exe:2884 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "53 9E 50 65 DE 56 79 8B FE 11 E8 B8 D3 09 83 24"
The process %original file name%.exe:3264 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "68 74 98 25 A5 EC 34 FB C4 18 44 7B CB 57 8B 57"
The process %original file name%.exe:2256 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5C 77 43 E2 EA 6E C1 AA F7 DE 32 26 06 89 FD CE"
The process %original file name%.exe:3552 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D7 C7 D9 BF EE 02 92 99 68 8B AB 1A D8 3F BE C7"
The process %original file name%.exe:4056 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0A 94 21 B7 EA 03 36 2B 23 DB 22 91 62 A2 AF 7D"
The process %original file name%.exe:3464 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A1 D8 3F 59 AD 23 04 19 93 30 4A CD 68 3E C0 30"
The process %original file name%.exe:1636 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "24 06 80 A5 F3 AE 6B 51 6C 55 73 CE 50 01 05 C0"
The process %original file name%.exe:3460 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "65 C6 68 47 CE 41 1D 74 FF C5 C4 47 88 75 76 E8"
The process %original file name%.exe:3500 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "57 17 6C 15 6D CD AD 6C 6B 3C 35 C2 D0 BB 88 E8"
The process %original file name%.exe:2572 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DF 92 03 25 E4 08 3F B3 27 3F 57 4F 7F 88 3E D3"
The process %original file name%.exe:1648 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "18 B6 0B 51 1F 93 5F CA EA 58 5C 76 4D 7E 9C 09"
The process %original file name%.exe:1240 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "23 3D D7 3D A4 4C AD B7 14 52 32 77 F1 13 8E A2"
The process %original file name%.exe:2676 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "98 6C 86 2F 28 53 3D 6B A2 AC 52 8C 3E F7 44 FD"
The process %original file name%.exe:436 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AB BD 1D 31 17 09 C4 8C 50 00 E3 3B 67 4E 1E 49"
The process %original file name%.exe:3220 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "21 72 6D 4A 09 1A A8 DE 78 18 64 16 BA E3 F6 F3"
The process %original file name%.exe:2372 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B4 18 1E F0 89 1F 95 EB EA 0D 9E 91 01 73 33 2F"
The process %original file name%.exe:2616 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6D A7 58 21 6C D3 A0 A8 04 55 51 A5 C5 14 7D EE"
The process %original file name%.exe:3596 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "81 07 46 7A 7F D4 82 5C 6A BB 96 B9 2B 0D EE D8"
The process %original file name%.exe:3616 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "58 CF 7A 96 50 EE F9 E6 97 AA 4B 76 B3 5D 36 30"
The process %original file name%.exe:3232 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "06 7E AB 68 C6 AB 61 15 59 D0 54 4E 2E FD 9C 5F"
The process %original file name%.exe:2920 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "10 07 9D 94 86 E8 A8 18 99 32 B1 1E E4 21 B8 C6"
The process %original file name%.exe:2456 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9A 28 0C B2 0D D6 C7 1A E8 9A 10 D9 74 94 0A 4C"
The process %original file name%.exe:2924 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A9 D4 B8 EF 12 F2 33 EE F1 4B E9 89 50 5B 41 30"
The process %original file name%.exe:456 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "08 E0 3E 59 32 A0 92 23 10 A7 65 C8 FF 9F A2 B5"
The process %original file name%.exe:332 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "79 35 06 AF EF 53 D7 26 CB 08 DE 20 F8 A6 E9 F3"
The process %original file name%.exe:3604 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "88 B8 00 40 4F 31 3A A5 EA 44 DE E2 E9 98 0B 9B"
The process %original file name%.exe:3124 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "86 C2 D0 4B 76 41 94 67 03 17 D0 38 10 70 2D 25"
The process %original file name%.exe:2196 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "78 2E 51 60 4D A8 51 D2 18 D0 78 05 C7 19 7A A8"
The process %original file name%.exe:3008 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "28 0E EA F8 03 95 8B 8D 79 74 C2 C8 C9 7D 10 E1"
The process %original file name%.exe:1900 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "72 E3 C9 DB C3 30 02 A9 73 74 C8 78 7B 4B E7 28"
The process %original file name%.exe:2472 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D7 18 2D E8 D2 F8 79 B0 8B 90 82 13 81 A4 36 C9"
The process %original file name%.exe:2200 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "96 97 1B EE 04 6F 90 8C 67 A7 33 95 EA 76 3E C1"
The process %original file name%.exe:2568 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "16 12 D9 A3 87 D0 12 A9 53 7B 37 7D C6 05 82 A5"
The process %original file name%.exe:3216 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "17 8B F3 16 31 34 0F 69 C1 36 B3 8E C6 95 01 1A"
The process %original file name%.exe:2052 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "09 F6 E2 C2 95 EF 7B 4D D3 BF 9E F1 03 80 0C 7D"
The process %original file name%.exe:4064 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "02 B1 CA 52 7D F5 0B BD 08 47 B6 9B 8A E9 6B 0E"
The process %original file name%.exe:2056 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "84 3C 37 BA D5 EA 0A EC 3D C1 08 6E 54 25 98 BC"
The process %original file name%.exe:3512 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7C B9 BB A4 45 17 9F FB 3E 89 3F C1 EF 59 EF F5"
The process %original file name%.exe:3692 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "14 B6 1C 3E D1 BE 37 34 84 BF D2 46 BB A4 7D 86"
The process %original file name%.exe:1584 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9B AC D9 B8 1F 96 81 C6 D4 45 AC 10 65 03 36 78"
The process %original file name%.exe:656 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7D 1B 94 75 2F 3A 75 A8 87 7C D4 FF 65 09 CF 0A"
The process %original file name%.exe:652 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3B 33 BD B3 45 C0 CA 7D 7A 24 4B A1 AC AF 4E 99"
The process %original file name%.exe:2368 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "33 B4 B5 00 76 53 00 74 8D 79 F6 D9 DA 36 8C AD"
The process %original file name%.exe:2684 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9C E9 EA 30 19 5C 49 A6 05 C9 AA 40 ED 54 39 BE"
The process %original file name%.exe:3084 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6C 92 F0 06 C4 EA 21 17 12 AD DA E1 D3 B1 C7 E3"
The process %original file name%.exe:2112 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "61 A0 78 6E FE 54 5D 0F EE 87 AA 45 98 FE DA 62"
The process %original file name%.exe:2364 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "98 92 09 F6 D1 53 64 DB F1 14 90 5C 3B AD 87 17"
The process %original file name%.exe:3896 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "76 D3 D7 0C 34 86 FC 4C 3C 9F D1 21 78 F3 E9 00"
The process %original file name%.exe:3080 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2E 3C F0 6F B2 B4 33 93 11 CF 76 91 2E 24 CC 7C"
The process %original file name%.exe:2116 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3F 38 A0 DE DC FF FD 43 2F 90 C2 89 D4 D6 23 70"
The process %original file name%.exe:1212 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1F DE 18 6D E6 95 5D 67 C3 A4 29 91 26 A1 9E C6"
The process %original file name%.exe:2584 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "69 49 78 D2 4B DC 7D 40 BE F3 3F 4B AE 5D F5 57"
The process %original file name%.exe:2580 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "55 5B 97 23 E1 E7 7F DD 52 AA 1F 5A 41 91 A1 F4"
The process %original file name%.exe:2628 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EB 86 3C AC 2D 3E 4B CF 4C A2 45 C6 FC 4D D6 71"
The process %original file name%.exe:3608 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A5 00 72 26 93 70 C3 ED D2 77 CC 78 AC A6 E1 3A"
The process %original file name%.exe:3072 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F2 0B A8 C2 43 2D CA 8A 8C B1 DB 58 B7 D9 CC 91"
The process %original file name%.exe:2180 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "66 72 75 46 33 1A EA 8C D7 C4 52 5E 8A 67 6C 43"
The process %original file name%.exe:3728 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F4 0B B0 32 86 4F 2B D0 13 D6 65 54 71 CD B4 30"
The process %original file name%.exe:3112 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "48 46 D1 0E 7A B1 EB 0B 5D 2F 8E 91 72 58 BA 7F"
The process %original file name%.exe:3528 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1A 57 1F 64 9B 4C 5A B0 1B 95 26 99 E3 84 54 13"
The process %original file name%.exe:3884 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "19 DA B5 55 4E EC 1D F7 12 94 4A EB 1E 2E 87 00"
The process %original file name%.exe:2896 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C7 DE A2 8A 59 27 15 AB AE 1D C5 D4 1A BC 12 B7"
The process %original file name%.exe:2892 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A1 A7 47 A2 F3 AE 1D D9 6D 7F 41 80 5C 2E 17 A7"
The process %original file name%.exe:3212 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "09 F4 0B CC 81 09 39 C2 98 3E 9B B3 15 51 FE 6B"
The process %original file name%.exe:2516 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "30 4A 5C 91 E1 0D 85 12 FE 14 DC 37 69 E9 C7 89"
The process %original file name%.exe:2080 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "51 5B B5 B4 87 7F 7B 23 DB 84 F6 FF FA A1 7B 53"
The process %original file name%.exe:4080 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "63 A8 61 B6 46 0F E5 17 4E 95 A5 CF 9C 2A B4 60"
The process %original file name%.exe:2736 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "44 5B 59 53 83 5B AD 71 F4 81 BE EE D6 E0 B2 53"
The process %original file name%.exe:3864 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BC FC 20 E3 27 6F A4 96 ED DB EE C1 27 4B E9 A3"
The process %original file name%.exe:1928 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0A E4 8A C9 E3 1A 99 59 82 88 64 B1 A6 90 30 EF"
The process %original file name%.exe:2948 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B7 AF 73 F5 8D B0 07 69 0D D7 5D 86 9D FB 95 15"
The process %original file name%.exe:232 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "35 41 1D 3D 96 64 C0 F3 86 0B B4 32 D4 5C 60 BA"
The process %original file name%.exe:2136 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C2 54 B1 57 7E 33 24 9F 46 57 86 4E C2 E8 F4 CC"
The process %original file name%.exe:3348 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5B 92 2A 25 2C 46 7D 7B 0D CA C1 AE FB 08 7D 38"
The process %original file name%.exe:2132 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F6 1A 1B 09 42 A2 FA B8 9C 54 FC C4 0B 25 DA 4B"
The process %original file name%.exe:3100 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F6 8E BE FF 47 3B 86 F7 07 3D 16 91 FB 33 8B 60"
The process %original file name%.exe:1612 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8A 7A F1 97 D3 25 74 8B B0 20 D7 14 EB AB 3F 13"
The process %original file name%.exe:3184 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A9 6E 49 AE EF 66 9E C7 4A 08 60 F5 A5 2B 68 63"
The process %original file name%.exe:320 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7B C2 8C 98 7D 99 2D E4 D4 CE 73 37 FF 92 0C CA"
The process %original file name%.exe:2508 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A1 C5 43 C3 66 D5 B0 5D B8 01 9B 31 8F 4B CC C6"
The process %original file name%.exe:2748 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FB B5 56 48 98 0B C2 1C 0C 28 F7 B7 29 C8 F1 D6"
The process %original file name%.exe:3872 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A0 3B 9E 1B 36 D2 4F C2 D7 99 98 D7 A5 2A 83 51"
The process %original file name%.exe:2500 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "20 13 53 A0 06 B8 80 BE FE 51 12 EE B0 B6 52 D4"
The process %original file name%.exe:3916 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D2 62 D7 6D D4 6F FA C4 51 BF D8 7A C0 B1 B4 82"
The process %original file name%.exe:204 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4F 4A EA 6F 71 F4 86 B4 44 E1 E0 83 DF A3 AF 22"
The process %original file name%.exe:2640 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "03 1D 26 54 47 AA 34 F8 3E 38 B9 DA 35 23 51 FB"
The process %original file name%.exe:3476 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EC 6E 81 45 1B C2 2C 1F F7 56 62 EA 53 83 6B E9"
The process %original file name%.exe:3052 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AD AA FD AE B7 8F 9F 3B 80 05 3C 96 F2 B9 02 FF"
The process %original file name%.exe:3704 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C3 0B 7C E3 B3 AA 0B 11 DB 52 C9 6E 67 CD F8 AF"
The process %original file name%.exe:3780 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AA 02 CA CB 2C C7 B7 53 F5 72 FE 41 39 31 E3 69"
The process %original file name%.exe:1804 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "00 7F 5B 81 9F 5A 7B F5 83 91 FB 87 93 A5 F7 7F"
The process %original file name%.exe:3788 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7E 8C EA 40 51 C2 B8 08 D6 CE 10 29 C3 F2 41 C1"
The process %original file name%.exe:3524 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "02 B9 1E A9 2D 82 03 41 A9 20 A4 60 45 78 E6 FD"
The process %original file name%.exe:3424 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "53 C6 A1 6C E5 4A 67 CA FC B5 58 00 BB D8 DD 91"
The process %original file name%.exe:472 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "50 75 A2 9B EA 0B 5A 90 E3 40 31 69 01 01 7B 78"
The process %original file name%.exe:3196 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "84 7C 87 34 7F 8F 8B 91 82 CC 0E D4 E8 02 35 5E"
The process %original file name%.exe:808 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AB 03 02 32 DC 46 AD 06 FA EA F9 4C 18 3B F4 70"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"fGAwoYMM.exe" = "%Documents and Settings%\%current user%\dUskcAww\fGAwoYMM.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NesIMIQs.exe" = "%Documents and Settings%\All Users\hcYYccwo\NesIMIQs.exe"
The process NesIMIQs.exe:1208 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5B 01 2B 56 28 94 D9 72 EA 33 6C 32 4D 59 59 75"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NesIMIQs.exe" = "%Documents and Settings%\All Users\hcYYccwo\NesIMIQs.exe"
Dropped PE files
| MD5 | File path |
|---|---|
| b888c4f82fbe5eb166c6bb648eeb4b4a | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp.exe |
| 36b2caf985baaf86c608b6afee5bb89b | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp.exe |
| af3db351202adfa753faad12a9c23a84 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp.exe |
| ae77a191b20333cfd06ec89c3d8219f4 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp.exe |
| efdcd3be9797a054fb9be862750a80a5 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp.exe |
| 3d5ab9a307c54fac4d2d254f51aa4577 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp.exe |
| 0e4521ec960d2f69057f6633807f4a9e | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp.exe |
| a981fc41577f0b7ac2569c198a6abefc | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp.exe |
| e8042a314146cd304c6799568a5a1161 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp.exe |
| 715626b77e85754953f5b1b96e5a6e84 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp.exe |
| b0a732f5fb5b058e978f292e18165153 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp.exe |
| 475b89d5f951ef9cd271a210bd43c38d | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp.exe |
| bfa2583c7dc53f850f2113ce499963de | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp.exe |
| c7d8fe4c067809dd7c77f532307cbb53 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp.exe |
| f0875297858fb1100312b95422ba8c7d | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp.exe |
| 6b3c0579fda5c4348067d60407c83b06 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp.exe |
| 7b8791bce84489066f91877c6a859fa9 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp.exe |
| dfe0566dc924bf58fae26bdd979014bb | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp.exe |
| aeb6f6033583722360a97703fb143273 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp.exe |
| 730f1b0a316142c390c8d88a467b6c67 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp.exe |
| 7eae90d79c451e0546cd1dbc31482563 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp.exe |
| 9b4c2c8e3eaca2754a8a401b95cc2864 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp.exe |
| d602f64e1e964c7639047895e5e72aa0 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp.exe |
| 68787dc74968a75e9a33ac27003e4aac | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\adm.bmp.exe |
| f415fd125eb289b87b3f4f1b5952834a | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\guest.bmp.exe |
| 3b565c22420f87c8e259ec0bbd9f58f1 | c:\Documents and Settings\All Users\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.exe |
| 696a7dc3614119668b427a6247424e28 | c:\Documents and Settings\All Users\Documents\My Music\Sample Music\New Stories (Highway Blues).wma.exe |
| 3fee9d86213800fc39cc2da7557abf29 | c:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Blue hills.jpg.exe |
| c413e3902574575c45929e135236ada1 | c:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Sunset.jpg.exe |
| 0aee605af5e3c45e966a778db7dbaded | c:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Water lilies.jpg.exe |
| a404531bf7f0f9adc2583d202cce1fee | c:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Winter.jpg.exe |
| 4f537cc7e2088332c5d49f5756ef4979 | c:\Documents and Settings\All Users\JuwEIgUE\reIEcoQI.exe |
| 82f63d5baac4ec2229de90d15c0d2028 | c:\Documents and Settings\All Users\hcYYccwo\NesIMIQs.exe |
| 00772971d0196a037cd5dbfed2a03d31 | c:\Documents and Settings\"%CurrentUserName%"\dUskcAww\fGAwoYMM.exe |
| ab17617f019127a9023859e543ea0784 | c:\Perl\eg\IEExamples\ie_animated.gif.exe |
| 40a3dcf8ba91958565fb3653e84b78bf | c:\Perl\eg\IEExamples\psbwlogo.gif.exe |
| 74a8635d520b1fdab8f42aa1eefaf75f | c:\Perl\eg\aspSamples\ASbanner.gif.exe |
| 31f830f2216c45b22710ad120c4159d2 | c:\Perl\eg\aspSamples\Main_Banner.gif.exe |
| 789012f09a4bd8f3e7df44d4fcf71434 | c:\Perl\eg\aspSamples\psbwlogo.gif.exe |
| 4f92808ce364150241eab2731d572ec5 | c:\Perl\html\images\AS_logo.gif.exe |
| c720ab0b1041ec1010c7a882871b2d45 | c:\Perl\html\images\PerlCritic_run.png.exe |
| 2b71262fda32e9ae0bc8106ea10751e4 | c:\Perl\html\images\aslogo.gif.exe |
| eb4ba078a75c1b9b7c0b7c45b0246f5e | c:\Perl\html\images\ppm_gui.png.exe |
| c17a578db75f7104778d4f155f3cc153 | c:\Perl\lib\ActivePerl\PPM\images\gecko.png.exe |
| 17a791fbf97b060aea031ec5ad24261b | c:\Perl\lib\ActivePerl\PPM\images\perl_48x48.png.exe |
| aaf33ba5067d9afaf69b8d7d1e82923b | c:\Perl\lib\Devel\NYTProf\js\asc.png.exe |
| be430a456191eb9b0b0f93983133a50b | c:\Perl\lib\Devel\NYTProf\js\bg.png.exe |
| 3239a88443bd4bde572cf5ef0936e7c9 | c:\Perl\lib\Devel\NYTProf\js\desc.png.exe |
| 56cb725230bd65772bc94aeba8040fe2 | c:\Perl\lib\Devel\NYTProf\js\jit\gradient.png.exe |
| 2381856a7b06233cb8944086d0145887 | c:\Perl\lib\Devel\NYTProf\js\jit\gradient20.png.exe |
| 29dba66b70e5a13b6dcf671cb98d55a4 | c:\Perl\lib\Devel\NYTProf\js\jit\gradient30.png.exe |
| db81c3b085e4a7d91324bf640832c6e3 | c:\Perl\lib\Devel\NYTProf\js\jit\gradient40.png.exe |
| 7bf599d3ac4f10f6a140feec11cdf6fb | c:\Perl\lib\Devel\NYTProf\js\jit\gradient50.png.exe |
| df5e4546183404c5981aff8e8a619bda | c:\Perl\lib\Mozilla\CA\cacert.pem.exe |
| 84196bd328722963e4e010ed3cb3bb4a | c:\totalcmd\TCMADMIN.EXE.exe |
| 3033330d803468719d49b0c198a606fa | c:\totalcmd\TCMDX32.EXE.exe |
| c797d0ee32ff39ebaca498e3532cbee5 | c:\totalcmd\TCUNINST.EXE.exe |
| e2fb0b76b4200328d2f2fb6be8c67167 | c:\totalcmd\TOTALCMD.EXE.exe |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
cscript.exe:2712
cscript.exe:2964
cscript.exe:3576
cscript.exe:212
cscript.exe:3712
cscript.exe:2844
cscript.exe:1308
cscript.exe:2096
cscript.exe:2092
cscript.exe:3652
cscript.exe:2524
cscript.exe:3172
cscript.exe:3856
cscript.exe:2404
cscript.exe:3852
cscript.exe:2400
cscript.exe:1676
cscript.exe:2464
cscript.exe:1316
cscript.exe:3884
cscript.exe:1920
cscript.exe:3936
cscript.exe:1796
cscript.exe:3332
cscript.exe:1496
cscript.exe:264
cscript.exe:3408
cscript.exe:3756
cscript.exe:3248
cscript.exe:2556
cscript.exe:2492
cscript.exe:3032
cscript.exe:3244
cscript.exe:2416
cscript.exe:2060
cscript.exe:2256
cscript.exe:2148
cscript.exe:3772
cscript.exe:3776
cscript.exe:1324
cscript.exe:3628
cscript.exe:2908
cscript.exe:3828
cscript.exe:332
cscript.exe:3272
cscript.exe:2824
cscript.exe:3676
cscript.exe:4044
cscript.exe:1712
cscript.exe:2780
cscript.exe:2544
cscript.exe:2300
cscript.exe:2980
cscript.exe:2304
cscript.exe:2268
cscript.exe:2388
cscript.exe:364
cscript.exe:2076
cscript.exe:2288
cscript.exe:3664
cscript.exe:2444
cscript.exe:3952
cscript.exe:2932
cscript.exe:3956
cscript.exe:3152
cscript.exe:3456
cscript.exe:3312
cscript.exe:2832
cscript.exe:3316
cscript.exe:2452
cscript.exe:4056
cscript.exe:2044
cscript.exe:3464
cscript.exe:3212
cscript.exe:3396
cscript.exe:3012
cscript.exe:3504
cscript.exe:1240
cscript.exe:2168
cscript.exe:3512
cscript.exe:432
cscript.exe:2616
cscript.exe:3612
cscript.exe:2612
cscript.exe:624
cscript.exe:3804
cscript.exe:2296
cscript.exe:1228
cscript.exe:3004
cscript.exe:2808
cscript.exe:3268
cscript.exe:252
cscript.exe:4084
cscript.exe:172
cscript.exe:1632
cscript.exe:2204
cscript.exe:1980
cscript.exe:2056
cscript.exe:2560
cscript.exe:2564
cscript.exe:3088
cscript.exe:2368
cscript.exe:2112
cscript.exe:3080
cscript.exe:2360
cscript.exe:2428
cscript.exe:3860
cscript.exe:2152
cscript.exe:636
cscript.exe:564
cscript.exe:2180
cscript.exe:2184
cscript.exe:3724
cscript.exe:3284
cscript.exe:160
cscript.exe:3280
cscript.exe:2212
cscript.exe:3448
cscript.exe:3376
cscript.exe:3964
cscript.exe:2752
cscript.exe:2352
cscript.exe:2100
cscript.exe:2692
cscript.exe:3968
cscript.exe:2104
cscript.exe:2864
cscript.exe:2732
cscript.exe:2868
cscript.exe:2572
cscript.exe:2636
cscript.exe:3632
cscript.exe:1288
cscript.exe:3148
cscript.exe:2816
cscript.exe:2948
cscript.exe:2940
cscript.exe:2136
cscript.exe:3108
cscript.exe:876
cscript.exe:2224
cscript.exe:2740
cscript.exe:1752
cscript.exe:644
cscript.exe:4092
cscript.exe:2872
cscript.exe:2724
cscript.exe:3912
cscript.exe:3708
cscript.exe:3544
cscript.exe:2332
cscript.exe:3540
cscript.exe:1280
cscript.exe:2232
cscript.exe:3220
cscript.exe:3104
cscript.exe:2000
cscript.exe:476
cscript.exe:2532
%original file name%.exe:2964
%original file name%.exe:3712
%original file name%.exe:2652
%original file name%.exe:2844
%original file name%.exe:1260
%original file name%.exe:2280
%original file name%.exe:2968
%original file name%.exe:2840
%original file name%.exe:3320
%original file name%.exe:4024
%original file name%.exe:2096
%original file name%.exe:4020
%original file name%.exe:2092
%original file name%.exe:3656
%original file name%.exe:3044
%original file name%.exe:3652
%original file name%.exe:3556
%original file name%.exe:1948
%original file name%.exe:2320
%original file name%.exe:2592
%original file name%.exe:1940
%original file name%.exe:2480
%original file name%.exe:2400
%original file name%.exe:3804
%original file name%.exe:2244
%original file name%.exe:2240
%original file name%.exe:816
%original file name%.exe:3836
%original file name%.exe:336
%original file name%.exe:3764
%original file name%.exe:3768
%original file name%.exe:3492
%original file name%.exe:2656
%original file name%.exe:1956
%original file name%.exe:4036
%original file name%.exe:3408
%original file name%.exe:3672
%original file name%.exe:2452
%original file name%.exe:3640
%original file name%.exe:2552
%original file name%.exe:1060
%original file name%.exe:2992
%original file name%.exe:3240
%original file name%.exe:2396
%original file name%.exe:2412
%original file name%.exe:532
%original file name%.exe:296
%original file name%.exe:3848
%original file name%.exe:1380
%original file name%.exe:2252
%original file name%.exe:1908
%original file name%.exe:196
%original file name%.exe:3944
%original file name%.exe:1924
%original file name%.exe:3148
%original file name%.exe:2068
%original file name%.exe:3384
%original file name%.exe:628
%original file name%.exe:2300
%original file name%.exe:4048
%original file name%.exe:2380
%original file name%.exe:1652
%original file name%.exe:2072
%original file name%.exe:2668
%original file name%.exe:308
%original file name%.exe:2440
%original file name%.exe:2768
%original file name%.exe:3816
%original file name%.exe:2936
%original file name%.exe:1336
%original file name%.exe:2284
%original file name%.exe:1632
%original file name%.exe:2884
%original file name%.exe:3264
%original file name%.exe:2256
%original file name%.exe:3552
%original file name%.exe:4056
%original file name%.exe:3464
%original file name%.exe:1636
%original file name%.exe:3460
%original file name%.exe:3500
%original file name%.exe:2572
%original file name%.exe:1648
%original file name%.exe:1240
%original file name%.exe:2676
%original file name%.exe:436
%original file name%.exe:3220
%original file name%.exe:2372
%original file name%.exe:2616
%original file name%.exe:3596
%original file name%.exe:3616
%original file name%.exe:3232
%original file name%.exe:2920
%original file name%.exe:2456
%original file name%.exe:2924
%original file name%.exe:456
%original file name%.exe:332
%original file name%.exe:3604
%original file name%.exe:3124
%original file name%.exe:2196
%original file name%.exe:3008
%original file name%.exe:1900
%original file name%.exe:2472
%original file name%.exe:2200
%original file name%.exe:2568
%original file name%.exe:3216
%original file name%.exe:2052
%original file name%.exe:4064
%original file name%.exe:2056
%original file name%.exe:3512
%original file name%.exe:3692
%original file name%.exe:1584
%original file name%.exe:656
%original file name%.exe:652
%original file name%.exe:2368
%original file name%.exe:2684
%original file name%.exe:3084
%original file name%.exe:2112
%original file name%.exe:2364
%original file name%.exe:3896
%original file name%.exe:3080
%original file name%.exe:2116
%original file name%.exe:1212
%original file name%.exe:2584
%original file name%.exe:2580
%original file name%.exe:2628
%original file name%.exe:3608
%original file name%.exe:3072
%original file name%.exe:2180
%original file name%.exe:3728
%original file name%.exe:3112
%original file name%.exe:3528
%original file name%.exe:3884
%original file name%.exe:2896
%original file name%.exe:2892
%original file name%.exe:3212
%original file name%.exe:2516
%original file name%.exe:2080
%original file name%.exe:4080
%original file name%.exe:2736
%original file name%.exe:3864
%original file name%.exe:1928
%original file name%.exe:2948
%original file name%.exe:232
%original file name%.exe:2136
%original file name%.exe:3348
%original file name%.exe:2132
%original file name%.exe:3100
%original file name%.exe:1612
%original file name%.exe:3184
%original file name%.exe:320
%original file name%.exe:2508
%original file name%.exe:2748
%original file name%.exe:3872
%original file name%.exe:2500
%original file name%.exe:3916
%original file name%.exe:204
%original file name%.exe:2640
%original file name%.exe:3476
%original file name%.exe:3052
%original file name%.exe:3704
%original file name%.exe:3780
%original file name%.exe:1804
%original file name%.exe:3788
%original file name%.exe:3524
%original file name%.exe:3424
%original file name%.exe:472
%original file name%.exe:3196
%original file name%.exe:808 - Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
%Documents and Settings%\%current user%\Local Settings\Temp\ucMsUAgo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qukEcMok.bat (4 bytes)
C:\d2a676784026c3ad5030b692fe5cca1d (1754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BMksEAcY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nwIkMcYg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HGAUksMo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\cKQIUIUE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IkEUEMQM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rioUMEoU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\oIMwwgwM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZKkMQwUY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IaoUEMgY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ogEMksUU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aEUosYEQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PQIEggEY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SEEIYwgk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dSEAIgYc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\vQYoMwoY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UYYYIYEA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\EYgAYcMY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kKIkAkQM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mUEEYEoE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LCAgQYYs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mQwYAQYs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\doQksAII.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FOsAsYok.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\zAscUIMM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RYcsAAsQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nIcEYcMU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DQwYIcQM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\yOkskYAA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GqEYwAQE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TUsgEowQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\EaYkQIEM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\YOAssYUs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\oEMgMAgg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mYAoscMA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\NqwAYMAw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JYoEsQYQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rOsQEEYw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LCAgIIEc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\YcUcMUYY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\naMQoUwA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\vMokUgcw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tscEYQoQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\sSgsAcos.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dOAcAgQM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZuoAIYMI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GGAogAwU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mGAYAooA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\acAYkUAU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\sgQkkEYE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UwcocYAM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PsQQgEks.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ACIEgcQA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KqAgYUYY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\yyIAsYYA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HmAUogIE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\jeokcEgw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VwMYgMYc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HGkMYUoM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\cAQoYcMQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gOgIQkkw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kGEYEQIo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UOwUkQgs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qkIQcooc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BAEwgQIc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\oOkogEgk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JYssgwcI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\EoYUUAYI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VYQgEsAs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JywEokow.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\OaAsQsoU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\iuEkMcwk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bCQsQAYQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZOwEMcoA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pSQYYAIc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fCocgooY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gIMkIYUY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZeMQEAko.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kIkoMkUU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MowkcEcI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GoQIookk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LaswEYMc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\uickkkcQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GmEEYgQo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\oeUkUUYE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bGQQIcwM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\jeMYMYQc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\NYgMUMEM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IsggMMwM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UUcAoAYg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\cmUMQcsw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GsEMQAwM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xsQscAkc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZukEsAIs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rQksgwIU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aoscQUEM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\oKMkgwQQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BCwIYIsA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XsIQoQYk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bQEYQkUI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\AAgskYkI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xokokIkI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KakYEkYc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ROQMgkoE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VQMwEsow.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IMkQIMMM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nesYAIUc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZGYAIMQY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\jYEcIAMU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TQgEwsEQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KqssMAgk.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\jQckIcoQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dqgUkogU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FYgUooYA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\goEIQQQQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\AEUYkogM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RQocoIAI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\poAsoksQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dWIAgsww.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LqYMwQAk.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SmIAIEAw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LsUMoIAc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\AqUsAggo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kSMgMkcE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\YMAYUEgo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CuckIkoI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WCQMIsMs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\sWAMQYgU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\AgcYEgYw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\wIkIIQwA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SigQMIwc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lSAogUoA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tkAggsgo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LGkAgAUM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\oEIgQQMQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bGUsUcks.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\wUkAIkoU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\peoIIEkc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QyAwosIU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GywYksME.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fyAkUAIg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JKckQUUI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\hWwoAAUM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CkMswcAA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\uMYsYQYg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LCAMYAoQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\COowEQUI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tOMEoAQE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VMccwoEU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\jYcUgYkQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tckUUUIY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CggMEsEY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\yaEEwIwg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kGIEkIQI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UqsMAMkA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\yooMMkQY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ymMMYcwM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RkAokEEg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QegwskMs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UUoEYoIo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bgAQQMsQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lIUAAEgM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PsYcYYow.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FmMcwYkM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CyEcIsYc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XmMwMckQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\zWgwYoAk.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\sagIIgcc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\zqQcsMMA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsIIMsYk.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GKsIEgkg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UmsMYEYg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FugwQUMM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MeoQAggY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\zicokgcE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nqkEQsUA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UAYIIQIY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KWoQUQMY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\AOscQUYc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LyowocII.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MsgMoMoI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MkwIEcgk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nCoEsYcY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rEgIoYAg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IwYQUQgU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BQYYAAkc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RmscUoQo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dgQEocQY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GQIsEEoI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gsYMowUU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dcgcQosA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xQsYIocM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rAIQQMwE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PoMokkss.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bOAgQUwE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xqMkYEAo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\oqMgQMYE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lygMYQss.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rCswwQgg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JcgIsAUM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\okEwUgMY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dMsMAAIY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WakEwkkM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JAoEUEUI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gscEYoUw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SwQkYAMA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\wEEMsMIU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RkUEogQg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JwEMAwco.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ROMMAIoI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TmoIIYok.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mQUEYMcQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JaQQQAUg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\sucwMAok.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xwwUMgMw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pUYYkYMg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mwoUUQok.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TAIoQQMs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nKgcQAgs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KwkcwkoA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\NuEoAYIA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LiksMkkI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\msIkoIEM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gIEEwoQE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\zMEAIQIE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DowAgooQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qsAkwswk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\iQEswoAc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\eucYQock.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\eqQQEEQs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qUcMAsUg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JyAMwsEw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MsIEkMkM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tAYQUwMA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ccEkEEIw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xeIgsoEg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VmUgkwsg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SyYUAwsE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KgsosYQM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ywUQsIwY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\eSEwMgQc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\EuQQIcMA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kCgkEQgo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\heUoIEMk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QwwwMgss.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rUYMokkk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gGsEIggU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VYoIogoU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WEAkYoEU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fgwgwwgI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Lmcwkowg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZOQsMMwo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KCMAUYUs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CoAkEcgQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MAsoEEAw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qeUMUMUI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UMMooEwQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GWggkcYE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GAoAIcQU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kiAsIwww.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SiYkUsUM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mYgkoUkA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IKAYogsg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\zqowMQkY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\OOgIsYcA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qogIYEYE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\EOkMQIQI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\sAAgQUAo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aoUwQwMI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HAEoAQcQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\sIwMEwsQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gEsEQUEU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xCcwgIgM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\YogUMkcs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UQoMgwYU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tkYEAMYU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\oAwEQocY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\NuckEQcU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LAEEokEw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JQAAswsI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\jAkskQsU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FsUQIIUc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qsEAYgEQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UwkksUAs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\AmIIcYgg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\iGAYgAwE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\AWMQgkMw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\AGgEYMks.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fyEksIsU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XsEIUwQs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IAwAkgcM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qKIEsQkY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\NWcAYsQY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HsQQYoEE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gywYwQsY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\hSEAEoEA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\AeMYgEEM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ACgYcooA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MgAUYocw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lgAcssco.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xGcUkAks.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BGwIkscM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qUoYkssU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\iWQQcgMY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GcwkIAMA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RQEgQIQs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lIMkcEAk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\oywIwYow.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SGcQwAQk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HEkYoUsU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KUIQEgMQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fgcYgEEY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\OmMUgkME.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xoUUIEMc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\iSAskYwk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\vAkQgIoE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SWUwUAAU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aaAwAEAQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\huMwssgc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PosYcAUc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\EUscEYYM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SMcYMUcA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\OesMsIQw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WQIcskQw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\cAkMUoYw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QekMQcsI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qOwIAoEc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QIowwkoc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ikMIsMEM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QeYwgAMg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UCEMkQQM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\auEoAEEY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gKgYckcs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\liAYUMMY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WukUIMQw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nMwooAwg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dOAgcUIg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\coswwkcw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tuEwAsso.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tkkEwMgs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ncQUcoIY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\iigwMMAk.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IOsYsoEU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\liUYEgsM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WUMgwIUA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LMYwcUso.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VaEUkMwU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nmAUYcQI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\YUkoAIYI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\zMIUskgI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lcgwkcog.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\zuYcYYIE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QAEAkwQE.bat (112 bytes)
%Documents and Settings%\All Users\JuwEIgUE\reIEcoQI.exe (3825 bytes)
%Documents and Settings%\%current user%\dUskcAww\fGAwoYMM.exe (4137 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LsUoEUQc.bat (4 bytes)
%Documents and Settings%\All Users\hcYYccwo\NesIMIQs.exe (3921 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Documents\My Music\Sample Music\New Stories (Highway Blues).wma.exe (7726 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\adm.bmp.exe (2321 bytes)
C:\totalcmd\TOTALCMD.EXE.exe (30812 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Sunset.jpg.exe (3073 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\guest.bmp.exe (2321 bytes)
C:\totalcmd\TCMADMIN.EXE.exe (3073 bytes)
C:\totalcmd\TcUsbRun.exe (3073 bytes)
C:\totalcmd\TCUNINST.EXE.exe (3073 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\KAAo.txt (55978 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.exe (7433 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Blue hills.jpg.exe (3073 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Water lilies.jpg.exe (3361 bytes)
C:\totalcmd\TCMDX32.EXE.exe (3361 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Winter.jpg.exe (3361 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Adobe\Reader 9.3\Setup Files\Setup.exe (5441 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp.exe (2321 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp.exe (2321 bytes) - Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"fGAwoYMM.exe" = "%Documents and Settings%\%current user%\dUskcAww\fGAwoYMM.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NesIMIQs.exe" = "%Documents and Settings%\All Users\hcYYccwo\NesIMIQs.exe" - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
No information is available.
No information is available.
PE Sections
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
|---|---|---|---|---|---|
| .text | 4096 | 917504 | 914944 | 4.87874 | 5dd92d89f6f808435848c466c8ef74a5 |
| .rdata | 921600 | 4096 | 512 | 2.29846 | a25ed7cb967654b35089f5afa895981a |
| .data | 925696 | 178 | 512 | 2.36376 | 5eafb0639db8f96905550ce2731a746f |
| .rsrc | 929792 | 6940 | 7168 | 3.99048 | 52ab1542675adefc4a64b7c31b54c073 |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Network Activity
URLs
| URL | IP |
|---|---|
| hxxp://google.com/ | 173.194.113.201 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
Map
The Trojan connects to the servers at the folowing location(s):