Technical Information
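Registry values recorded under the policies\Explorer\Run autorun key (programs listed under this key are started at logon):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] '' = 'ќ'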
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] ' ' = ''
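Command lines recorded (wmic.exe queries for hardware, OS, logon and SecurityCenter antivirus, antispyware and firewall product data, each appended to %PROGRAM_FILES%\nt.log, plus one cmd.exe call that passes nt.log to nt.cmd):
- <SYSTEM32>\wbem\wmic.exe /failfast:on /append:"%PROGRAM_FILES%\nt.log" BASEBOARD get /value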
- <SYSTEM32>\wbem\wmic.exe /failfast:on /append:"%PROGRAM_FILES%\nt.log" DESKTOPMONITOR get /value
- <SYSTEM32>\wbem\wmic.exe /failfast:on /append:"%PROGRAM_FILES%\nt.log" DESKTOP get /value
- <SYSTEM32>\wbem\wmic.exe /failfast:on /append:"%PROGRAM_FILES%\nt.log" BIOS get /value
- <SYSTEM32>\wbem\wmic.exe /failfast:on /append:"%PROGRAM_FILES%\nt.log" LOGICALDISK get /value
- <SYSTEM32>\wbem\wmic.exe /failfast:on /append:"%PROGRAM_FILES%\nt.log" SOUNDDEV get /value
- <SYSTEM32>\wbem\wmic.exe /failfast:on /append:"%PROGRAM_FILES%\nt.log" CPU get /value
- <SYSTEM32>\wbem\wmic.exe /failfast:on /append:"%PROGRAM_FILES%\nt.log" /namespace:\\root\SecurityCenter path AntiSpywareProduct get /value
- <SYSTEM32>\wbem\wmic.exe /failfast:on /append:"%PROGRAM_FILES%\nt.log" /namespace:\\root\SecurityCenter path AntiVirusProduct get /value
- <SYSTEM32>\cmd.exe /c ""%PROGRAM_FILES%\nt.cmd" "%PROGRAM_FILES%\nt.log" "%PROGRAM_FILES%\Microsoft Games\Commons\i1""
- <SYSTEM32>\wbem\wmic.exe /failfast:on /append:"%PROGRAM_FILES%\nt.log" /namespace:\\root\SecurityCenter path FirewallProduct get /value
- <SYSTEM32>\wbem\wmic.exe /failfast:on /append:"%PROGRAM_FILES%\nt.log" LOGON get /value
- <SYSTEM32>\wbem\wmic.exe /failfast:on /append:"%PROGRAM_FILES%\nt.log" TIMEZONE get /value
- <SYSTEM32>\wbem\wmic.exe /failfast:on /append:"%PROGRAM_FILES%\nt.log" OS get /value
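File system paths recorded (many paths recur later in the list; the page does not label which operation each occurrence records). Paths under %APPDATA%\Microsoft\Protect and %APPDATA%\Microsoft\Crypto\RSA are the per-user DPAPI master-key and RSA key-container stores, and the SID in them is specific to the machine the sample ran on, so these entries are weak indicators on their own:
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-a9d7ebbc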
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-a85e51ca
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-a8329650
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-2fb08860
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-56d4387a
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-f4cc11bd
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-f4b02875
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-af905da
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-cdd43f52
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-7008bdf3
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-7f85b391
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-6a9e4718
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-13aa8f86
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-660586f8
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-3d1e5540
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-3a490882
- <SYSTEM32>\wbem\ќ
- %PROGRAM_FILES%\Microsoft Games\Commons\000003
- %PROGRAM_FILES%\Microsoft Games\Commons\00002
- <SYSTEM32>\wbem\AutoRecover\C8463ECBE33BC240263A0B094E46D510.mof
- <SYSTEM32>\wbem\Logs\WMIC.LOG
- <SYSTEM32>\wbem\AutoRecover\23BDE61F1F4FACE17E9B0C01F2A1FD9B.mof
- %TEMP%\tmp8.tmp
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-3cf70484
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-c810d3ba
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-223db346
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-cd29ab88
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-de959b6
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-c5cd9183
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-12cceb8d
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-2b81fc57
- %TEMP%\tmp7.tmp
- %TEMP%\tmp6.tmp
- %PROGRAM_FILES%\nt.log
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-b01d53a3
- %PROGRAM_FILES%\Microsoft Games\Commons\00000
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-c71f56b6
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-fb9ba26
- %PROGRAM_FILES%\nt.cmd
- %APPDATA%\Microsoft\Protect\S-1-5-21-2052111302-484763869-725345543-1003\Preferred
- %APPDATA%\Microsoft\Protect\S-1-5-21-2052111302-484763869-725345543-1003\d09e56e3-076f-451f-9bd7-cdafff0383fa
- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-2052111302-484763869-725345543-1003\85c14c8bb87418bd9929adba2a9e9412_23ef5514-3059-436f-a4a7-4cefaab20eb1
- %TEMP%\ms1622.tmp
- %PROGRAM_FILES%\Microsoft Games\Commons\m.d
- <Current directory>\<Virus name>.doc
- %PROGRAM_FILES%\Microsoft Games\Commons\tm0001
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-98c1bfc4
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-920ba2c7
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-83a01120
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-3cab2596
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-8acabf66
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-5b52b0ff
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-ba58744e
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-1dbc8ee2
- %PROGRAM_FILES%\Microsoft Games\Commons\tm0005
- %PROGRAM_FILES%\Microsoft Games\Commons\tm0003
- %PROGRAM_FILES%\Microsoft Games\Commons\tm0002
- %PROGRAM_FILES%\Microsoft Games\Commons\tm0004
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-dbf698d1
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-cf464f1e
- %PROGRAM_FILES%\Microsoft Games\Commons\000001
- <SYSTEM32>\wbem\ќ
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-a9d7ebbc
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-a85e51ca
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-a8329650
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-c5cd9183
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-ba58744e
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-af905da
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-83a01120
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-7f85b391
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-7008bdf3
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-98c1bfc4
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-920ba2c7
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-8acabf66
- %PROGRAM_FILES%\Microsoft Games\Commons\00002
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-f4cc11bd
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-f4b02875
- <SYSTEM32>\wbem\ќ
- %TEMP%\tmp8.tmp
- %TEMP%\tmp7.tmp
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-cdd43f52
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-cd29ab88
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-c810d3ba
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-de959b6
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-dbf698d1
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-cf464f1e
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-6a9e4718
- %PROGRAM_FILES%\Microsoft Games\Commons\tm0004
- %PROGRAM_FILES%\Microsoft Games\Commons\tm0003
- %PROGRAM_FILES%\Microsoft Games\Commons\tm0002
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-12cceb8d
- %PROGRAM_FILES%\Microsoft Games\Commons\00000
- %PROGRAM_FILES%\Microsoft Games\Commons\tm0005
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-b01d53a3
- %TEMP%\tmp6.tmp
- <SYSTEM32>\Restore\MachineGuid.txt
- %PROGRAM_FILES%\Microsoft Games\Commons\tm0001
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-fb9ba26
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-c71f56b6
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-3d1e5540
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-3cf70484
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-3cab2596
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-660586f8
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-5b52b0ff
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-56d4387a
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-223db346
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-1dbc8ee2
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-13aa8f86
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-3a490882
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-2fb08860
- %PROGRAM_FILES%\Microsoft Games\Commons\787897698827-2296801295-3-2b81fc57
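Network indicators (port 80 endpoints, cm.php URLs and DNS queries; the '#' characters appear to mask parts of each host name and address, so the entries cannot be matched literally):
- '10#.#75.159.114':80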
- 'pg#.eu.com':80
- 'sk###.se.net':80
- 'uk###ivat.com':80
- 10#.#75.159.114/cm.php?do##
- 10#.#75.159.114/cm.php?do###
- pg#.eu.com/cm.php?do##
- pg#.eu.com/cm.php?do###
- sk###.se.net/cm.php?do###
- sk###.se.net/cm.php?do##
- uk###ivat.com/cm.php?do###
- uk###ivat.com/cm.php?do##
- DNS ASK pg#.eu.com
- DNS ASK uk###ivat.com
- DNS ASK sk###.se.net
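Window class names recorded (Shell_TrayWnd is the Windows taskbar window class; WordPadClass is the WordPad main window class):
- ClassName: 'Shell_TrayWnd' WindowName: ''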
- ClassName: 'WordPadClass' WindowName: ''