Creates the following files:
- %APPDATA%\%USERNAME%-wchelper.dll
- %APPDATA%\88E6680F\ak.tmp
- %TEMP%\%USERNAME%7
- %TEMP%\2115B.dmp
- %TEMP%\%USERNAME%8
- %TEMP%\dw.log
- %TEMP%\Trojan.exe
- %HOMEPATH%\Local Settings\Tempcmd.exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.new
- %TEMP%\%USERNAME%2.txt
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.new
Sets the 'hidden' attribute to the following files:
- %APPDATA%\%USERNAME%-wchelper.dll
- %HOMEPATH%\Local Settings\Tempcmd.exe
Deletes the following files:
- %TEMP%\%USERNAME%7
- %TEMP%\%USERNAME%8
- %TEMP%\%USERNAME%2.txt
Moves the following files:
- from %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.new to %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
- from %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.new to %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch