Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'MSKernel32' = '<SYSTEM32>\MSKernel32.vbs'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] 'Win32DLL' = '%WINDIR%\Win32DLL.vbs'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000'
- '<SYSTEM32>\netsh.exe' firewall set opmode disable
- '<SYSTEM32>\taskkill.exe' /im opera.exe /f /t
- opera.exe
- %TEMP%\TROJ_510.EXE
- %ProgramFiles%\FireFox\chrome\browser\skin\classic\aero\browser\searchbar.vbs
- %ProgramFiles%\FireFox\chrome\browser\skin\classic\aero\browser\setDesktopBackground.vbs
- %ProgramFiles%\FireFox\chrome\browser\skin\classic\aero\browser\syncCommon.vbs
- %ProgramFiles%\FireFox\chrome\browser\skin\classic\aero\browser\syncQuota.vbs
- %ProgramFiles%\FireFox\chrome\browser\skin\classic\aero\browser\syncSetup.vbs
- %ProgramFiles%\FireFox\chrome\browser\skin\classic\aero\browser\pageInfo.vbs
- %ProgramFiles%\FireFox\chrome\browser\skin\classic\aero\browser\sanitizeDialog.vbs
- %ProgramFiles%\FireFox\chrome\browser\skin\classic\aero\browser\feeds\subscribe-ui.vbs
- %ProgramFiles%\FireFox\chrome\browser\skin\classic\aero\browser\places\organizer.vbs
- %ProgramFiles%\FireFox\chrome\browser\skin\classic\aero\browser\places\places.vbs
- %ProgramFiles%\FireFox\chrome\browser\skin\classic\aero\browser\preferences\applications.vbs
- %ProgramFiles%\FireFox\chrome\browser\skin\classic\aero\browser\preferences\preferences.vbs
- %ProgramFiles%\FireFox\chrome\browser\skin\classic\aero\browser\tabview\tabview.vbs
- %ProgramFiles%\FireFox\chrome\browser\skin\classic\aero\browser\feeds\subscribe.vbs
- %ProgramFiles%\FireFox\chrome\browser\skin\classic\aero\browser\places\editBookmarkOverlay.vbs
- %ProgramFiles%\FireFox\chrome\browser\skin\classic\aero\browser\inspector.vbs
- %ProgramFiles%\FireFox\chrome\browser\skin\classic\aero\browser\fullscreen-video.vbs
- %ProgramFiles%\FireFox\chrome\browser\skin\classic\aero\browser\engineManager.vbs
- %ProgramFiles%\FireFox\chrome\browser\content\browser\preferences\permissionsutils.vbs
- %ProgramFiles%\FireFox\chrome\browser\content\browser\preferences\privacy.vbs
- %ProgramFiles%\FireFox\chrome\browser\content\browser\preferences\security.vbs
- %ProgramFiles%\FireFox\chrome\browser\content\browser\preferences\selectBookmark.vbs
- %ProgramFiles%\FireFox\chrome\browser\content\browser\preferences\sync.vbs
- %ProgramFiles%\FireFox\chrome\browser\content\browser\preferences\tabs.vbs
- %ProgramFiles%\FireFox\chrome\browser\content\browser\preferences\permissions.vbs
- %ProgramFiles%\FireFox\chrome\browser\content\browser\safebrowsing\sb-loader.vbs
- %ProgramFiles%\FireFox\chrome\browser\content\browser\search\searchbarBindings.vbs
- %ProgramFiles%\FireFox\chrome\browser\skin\classic\aero\browser\aboutCertError.vbs
- %ProgramFiles%\FireFox\chrome\browser\skin\classic\aero\browser\aboutPrivateBrowsing.vbs
- %ProgramFiles%\FireFox\chrome\browser\skin\classic\aero\browser\aboutSessionRestore.vbs
- %ProgramFiles%\FireFox\chrome\browser\skin\classic\aero\browser\aboutSyncTabs.vbs
- %ProgramFiles%\FireFox\chrome\browser\skin\classic\aero\browser\browser.vbs
- %ProgramFiles%\FireFox\chrome\browser\content\browser\search\engineManager.vbs
- %ProgramFiles%\FireFox\chrome\browser\skin\classic\browser\aboutCertError.vbs
- %ProgramFiles%\FireFox\chrome\browser\skin\classic\browser\aboutPrivateBrowsing.vbs
- %ProgramFiles%\FireFox\chrome\browser\skin\classic\browser\aboutSessionRestore.vbs
- %ProgramFiles%\FireFox\chrome\browser\skin\classic\browser\aboutSyncTabs.vbs
- %ProgramFiles%\FireFox\chrome\browser\skin\classic\communicator\communicator.vbs
- %ProgramFiles%\FireFox\chrome\en-US\locale\en-US\global\intl.vbs
- %ProgramFiles%\FireFox\chrome\pippki\content\pippki\certerror.vbs
- %ProgramFiles%\FireFox\chrome\pippki\content\pippki\certManager.vbs
- %ProgramFiles%\FireFox\chrome\pippki\content\pippki\certpicker.vbs
- %ProgramFiles%\FireFox\chrome\pippki\content\pippki\choosetoken.vbs
- %ProgramFiles%\FireFox\chrome\pippki\content\pippki\clientauthask.vbs
- %ProgramFiles%\FireFox\chrome\pippki\content\pippki\createCertInfo.vbs
- %ProgramFiles%\FireFox\chrome\pippki\content\pippki\crlImportDialog.vbs
- %ProgramFiles%\FireFox\chrome\pippki\content\pippki\crlManager.vbs
- %ProgramFiles%\FireFox\chrome\pippki\content\pippki\deletecert.vbs
- %ProgramFiles%\FireFox\chrome\pippki\content\pippki\device_manager.vbs
- %ProgramFiles%\FireFox\chrome\pippki\content\pippki\downloadcert.vbs
- %ProgramFiles%\FireFox\chrome\pippki\content\pippki\editcerts.vbs
- %ProgramFiles%\FireFox\chrome\pippki\content\pippki\escrowWarn.vbs
- %ProgramFiles%\FireFox\chrome\browser\skin\classic\browser\tabview\tabview.vbs
- %ProgramFiles%\FireFox\chrome\browser\skin\classic\browser\preferences\applications.vbs
- %ProgramFiles%\FireFox\chrome\browser\skin\classic\browser\preferences\preferences.vbs
- %ProgramFiles%\FireFox\chrome\browser\skin\classic\browser\places\places.vbs
- %ProgramFiles%\FireFox\chrome\browser\skin\classic\browser\browser.vbs
- %ProgramFiles%\FireFox\chrome\browser\skin\classic\browser\engineManager.vbs
- %ProgramFiles%\FireFox\chrome\browser\skin\classic\browser\fullscreen-video.vbs
- %ProgramFiles%\FireFox\chrome\browser\skin\classic\browser\inspector.vbs
- %ProgramFiles%\FireFox\chrome\browser\skin\classic\browser\pageInfo.vbs
- %ProgramFiles%\FireFox\chrome\browser\skin\classic\browser\sanitizeDialog.vbs
- %ProgramFiles%\FireFox\chrome\browser\skin\classic\browser\searchbar.vbs
- %ProgramFiles%\FireFox\chrome\browser\skin\classic\browser\setDesktopBackground.vbs
- %ProgramFiles%\FireFox\chrome\browser\skin\classic\browser\syncCommon.vbs
- %ProgramFiles%\FireFox\chrome\browser\skin\classic\browser\syncQuota.vbs
- %ProgramFiles%\FireFox\chrome\browser\skin\classic\browser\syncSetup.vbs
- %ProgramFiles%\FireFox\chrome\browser\skin\classic\browser\feeds\subscribe-ui.vbs
- %ProgramFiles%\FireFox\chrome\browser\skin\classic\browser\feeds\subscribe.vbs
- %ProgramFiles%\FireFox\chrome\browser\skin\classic\browser\places\editBookmarkOverlay.vbs
- %ProgramFiles%\FireFox\chrome\browser\skin\classic\browser\places\organizer.vbs
- %ProgramFiles%\FireFox\chrome\pippki\content\pippki\exceptionDialog.vbs
- %ProgramFiles%\FireFox\chrome\browser\content\browser\preferences\main.vbs
- %ProgramFiles%\FireFox\chrome\browser\content\browser\preferences\languages.vbs
- %ProgramFiles%\FireFox\chrome\browser\content\browser\preferences\handlers.vbs
- %CommonProgramFiles%\Microsoft Shared\Stationery\Glacier Bkgrd.jpg.vbs
- %CommonProgramFiles%\Microsoft Shared\Stationery\Leaves Bkgrd.jpg.vbs
- %CommonProgramFiles%\Microsoft Shared\Stationery\Maize Bkgrd.jpg.vbs
- %CommonProgramFiles%\Microsoft Shared\Stationery\Nature Bkgrd.jpg.vbs
- %CommonProgramFiles%\Microsoft Shared\Stationery\Pie Charts Bkgrd.jpg.vbs
- %CommonProgramFiles%\Microsoft Shared\Stationery\Clear Day Bkgrd.jpg.vbs
- %CommonProgramFiles%\Microsoft Shared\Stationery\Fiesta Bkgrd.jpg.vbs
- %CommonProgramFiles%\Microsoft Shared\Stationery\Sunflower Bkgrd.jpg.vbs
- %ProgramFiles%\FireFox\chrome\browser\content\browser\aboutHome.vbs
- %ProgramFiles%\FireFox\chrome\browser\content\browser\aboutSessionRestore.vbs
- %ProgramFiles%\FireFox\chrome\browser\content\browser\aboutSyncTabs.vbs
- %ProgramFiles%\FireFox\chrome\browser\content\browser\browser.vbs
- %ProgramFiles%\FireFox\chrome\browser\content\browser\nsContextMenu.vbs
- %ProgramFiles%\FireFox\greprefs.vbs
- %ProgramFiles%\FireFox\chrome\browser\content\browser\aboutDialog.vbs
- %TEMP%\bsoxwkaf\jskgxamr.jpg.vbs
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\chrome\userContent-example.vbs
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\chrome\userChrome-example.vbs
- %TEMP%\bsoxwkaf\jskgxamr.jpg
- %TEMP%\bsoxwkaf\jwkkhqfq.cmd
- %TEMP%\bsoxwkaf\rundll32.exe
- %TEMP%\bsoxwkaf\yyrrcadn.vbs
- <SYSTEM32>\MSKernel32.vbs
- %WINDIR%\Win32DLL.vbs
- %TEMP%\bsoxwkaf\gubybjyr.vbs
- <SYSTEM32>\LOVE-LETTER-FOR-YOU.TXT.vbs
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Blue hills.jpg.vbs
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Sunset.jpg.vbs
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Water lilies.jpg.vbs
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Winter.jpg.vbs
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\prefs.vbs
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\sessionstore.vbs
- <SYSTEM32>\LOVE-LETTER-FOR-YOU.HTM
- %ProgramFiles%\FireFox\chrome\browser\content\browser\openLocation.vbs
- %ProgramFiles%\FireFox\chrome\browser\content\browser\safeMode.vbs
- %ProgramFiles%\FireFox\chrome\browser\content\browser\sanitize.vbs
- %ProgramFiles%\FireFox\chrome\browser\content\browser\sanitizeDialog.vbs
- %ProgramFiles%\FireFox\chrome\browser\content\browser\places\bookmarkProperties.vbs
- %ProgramFiles%\FireFox\chrome\browser\content\browser\places\browserPlacesViews.vbs
- %ProgramFiles%\FireFox\chrome\browser\content\browser\places\controller.vbs
- %ProgramFiles%\FireFox\chrome\browser\content\browser\places\editBookmarkOverlay.vbs
- %ProgramFiles%\FireFox\chrome\browser\content\browser\places\history-panel.vbs
- %ProgramFiles%\FireFox\chrome\browser\content\browser\places\moveBookmarks.vbs
- %ProgramFiles%\FireFox\chrome\browser\content\browser\places\organizer.vbs
- %ProgramFiles%\FireFox\chrome\browser\content\browser\places\places.vbs
- %ProgramFiles%\FireFox\chrome\browser\content\browser\places\treeView.vbs
- %ProgramFiles%\FireFox\chrome\browser\content\browser\preferences\advanced.vbs
- %ProgramFiles%\FireFox\chrome\browser\content\browser\preferences\applicationManager.vbs
- %ProgramFiles%\FireFox\chrome\browser\content\browser\preferences\applications.vbs
- %ProgramFiles%\FireFox\chrome\browser\content\browser\preferences\connection.vbs
- %ProgramFiles%\FireFox\chrome\browser\content\browser\preferences\content.vbs
- %ProgramFiles%\FireFox\chrome\browser\content\browser\preferences\cookies.vbs
- %ProgramFiles%\FireFox\chrome\browser\content\browser\pageinfo\security.vbs
- %ProgramFiles%\FireFox\chrome\browser\content\browser\pageinfo\pageInfo.vbs
- %ProgramFiles%\FireFox\chrome\browser\content\browser\pageinfo\permissions.vbs
- %ProgramFiles%\FireFox\chrome\browser\content\browser\pageinfo\feeds.vbs
- %ProgramFiles%\FireFox\chrome\browser\content\browser\setDesktopBackground.vbs
- %ProgramFiles%\FireFox\chrome\browser\content\browser\syncAddDevice.vbs
- %ProgramFiles%\FireFox\chrome\browser\content\browser\syncGenericChange.vbs
- %ProgramFiles%\FireFox\chrome\browser\content\browser\syncQuota.vbs
- %ProgramFiles%\FireFox\chrome\browser\content\browser\syncSetup.vbs
- %ProgramFiles%\FireFox\chrome\browser\content\browser\syncUtils.vbs
- %ProgramFiles%\FireFox\chrome\browser\content\browser\tabbrowser.vbs
- %ProgramFiles%\FireFox\chrome\browser\content\browser\tabview.vbs
- %ProgramFiles%\FireFox\chrome\browser\content\browser\utilityOverlay.vbs
- %ProgramFiles%\FireFox\chrome\browser\content\browser\web-panels.vbs
- %ProgramFiles%\FireFox\chrome\browser\content\browser\bookmarks\bookmarksPanel.vbs
- %ProgramFiles%\FireFox\chrome\browser\content\browser\bookmarks\sidebarUtils.vbs
- %ProgramFiles%\FireFox\chrome\browser\content\browser\certerror\aboutCertError.vbs
- %ProgramFiles%\FireFox\chrome\browser\content\browser\feeds\subscribe.vbs
- %ProgramFiles%\FireFox\chrome\browser\content\browser\migration\migration.vbs
- %ProgramFiles%\FireFox\chrome\browser\content\browser\preferences\fonts.vbs
- %ProgramFiles%\FireFox\chrome\pippki\content\pippki\formsigning.vbs
- %TEMP%\bsoxwkaf\jskgxamr.jpg
- ClassName: 'MS_WINHELP' WindowName: ''
- ClassName: 'EDIT' WindowName: ''
- ClassName: '' WindowName: ''
- '%TEMP%\TROJ_510.EXE'
- '<SYSTEM32>\wscript.exe' "%TEMP%\bsoxwkaf\yyrrcadn.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\bsoxwkaf\gubybjyr.vbs"
- '%TEMP%\bsoxwkaf\rundll32.exe' a -r %USERNAME%_ora_5124.arj %APPDATA%\Opera\
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\bsoxwkaf\jwkkhqfq.cmd" "