The executable name is 6 randomly generated lowercase alphabetic characters:
C:\Documents and Settings\Administrator\My Documents\cbfrxd.exe
C:\Documents and Settings\Administrator\My Documents\gdtfwl.exe
C:\Documents and Settings\Administrator\My Documents\kswymt.exe
C:\Documents and Settings\Administrator\My Documents\anlbux.exe
C:\Documents and Settings\Administrator\My Documents\dsjtfc.exe
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ELICZ
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\ELICZ
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 3, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0403
ProgramFiles=C:\Program Files
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\WINDOWS\Temp
TMP=C:\WINDOWS\Temp
USERDOMAIN=ELICZ
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINDOWS
Index PPID PID Process Name
0000 0 0 [System Process]
0001 0 4 System
0002 4 12 smss.exe
0003 12 20 csrss.exe
0004 12 28 winlogon.exe
0005 28 36 services.exe
0006 28 44 lsass.exe
0007 36 52 svchost.exe
0008 36 60 spoolsv.exe
0009 65524 68 explorer.exe
0010 36 540 msascui.exe
0011 36 76 AVP.EXE
0012 36 84 PCCTOOL.EXE
0013 36 92 TMPROXY.EXE
0014 36 100 OUTPOST.EXE
0015 36 108 VSSERV.EXE
0016 36 116 ZAPRO.EXE
0017 36 124 REALMON.EXE
0018 36 132 VETMSG.EXE
0019 36 140 VETTRAY.EXE
0020 36 148 ZLCLIENTE.EXE
0021 36 156 ZONEALARM.EXE
0022 36 164 ZLCLIENT.EXE
0023 36 172 CCAPP.EXE
0024 36 180 CCSETMGR.EXE
0025 36 188 CCEVTMGR.EXE
0026 36 196 SCCOMM.EXE
0027 36 204 CCCPROXY.EXE
0028 36 212 NAVW32.EXE
0029 36 220 NAVAPSVC.EXE
0030 36 228 NPFMNTOR.EXE
0031 36 236 CPDCLNT.EXE
0032 36 244 PCCNTUPD.EXE
0033 36 252 TMNTSRV.EXE
0034 36 260 PAVPRSRV.EXE
0035 36 268 PADMIN.EXE
0036 36 276 PAVPROT.EXE
0037 36 284 PANDAAV.EXE
0038 36 292 AVENGINE.EXE
0039 36 300 APVXDWIN.EXE
0040 36 308 AVGUARD.EXE
0041 36 316 AVGNT.EXE
0042 36 324 AVSCHED32.EXE
0043 36 332 NOD32KRN.EXE
0044 36 340 NOD32.EXE
0045 36 348 GBPSV.EXE
0046 36 356 NOD32KUI.EXE
0047 36 364 KAV.EXE
0048 36 372 KAVMM.EXE
0049 36 380 KAVPF.EXE
0050 36 388 AVGEMC.EXE
0051 36 396 AVGCC.EXE
0052 36 404 AVGAMSVR.EXE
0053 36 412 AVGUPSVC.EXE
0054 36 420 AVGW.EXE
0055 36 428 ASHWEBSV.EXE
0056 36 436 ASHDISP.EXE
0057 36 444 ASHMAISV.EXE
0058 36 452 ASHSERV.EXE
0059 36 460 ASWUPDSV.EXE
0060 36 468 EWIDOCTRL.EXE
0061 36 476 GUARD.EXE
0062 36 484 GCASDTSERV.EXE
0063 36 492 MSMPENG.EXE
0064 36 500 MCAFEE.EXE
0065 68 508 iexplore.exe
0066 68 516 firefox.exe
0067 68 524 opera.exe
0068 68 532 safari.exe
0069 68 936 sjnkfw.exe
0070 68 936 qiepks.exe
0071 68 936 anzmgd.exe
0072 68 936 wymtbt.exe
0073 68 936 uxrmtm.exe
0074 68 936 qvdecb.exe
0075 68 936 aaangq.exe
0076 68 936 fswlie.exe
.... 68 936 and so on...
The executable names in C:\Documents and Settings\Administrator\My Documents
are 6 randomly generated lowercase alphabetic characters.
Directory of C:
02/13/2008 11:24 AM <DIR> Documents and Settings
02/13/2008 11:24 AM <DIR> Program Files
02/13/2008 11:24 AM <DIR> RECYCLER
02/13/2008 11:24 AM <DIR> System Volume Information
02/13/2008 11:24 AM <DIR> WINDOWS
Directory of C:\Documents and Settings
02/13/2008 11:24 AM <DIR> .
02/13/2008 11:24 AM <DIR> ..
02/13/2008 11:24 AM <DIR> Administrator
02/13/2008 11:24 AM <DIR> All Users
02/13/2008 11:24 AM <DIR> Default User
Directory of C:\Documents and Settings\Administrator
02/13/2008 11:24 AM <DIR> .
02/13/2008 11:24 AM <DIR> ..
02/13/2008 11:24 AM <DIR> Application Data
02/13/2008 11:24 AM <DIR> Cookies
02/13/2008 11:24 AM <DIR> Desktop
02/13/2008 11:24 AM <DIR> Local Settings
02/13/2008 11:24 AM <DIR> My Documents
02/13/2008 11:24 AM <DIR> Start Menu
Directory of C:\Documents and Settings\Administrator\Application Data
02/13/2008 11:24 AM <DIR> .
02/13/2008 11:24 AM <DIR> ..
02/13/2008 11:24 AM <DIR> Microsoft
Directory of C:\Documents and Settings\Administrator\Application Data\Microsoft
02/13/2008 11:24 AM <DIR> .
02/13/2008 11:24 AM <DIR> ..
02/13/2008 11:24 AM <DIR> AddIns
Directory of C:\Documents and Settings\Administrator\Application Data\Microsoft\AddIns
02/13/2008 11:24 AM <DIR> .
02/13/2008 11:24 AM <DIR> ..
Directory of C:\Documents and Settings\Administrator\Cookies
02/13/2008 11:24 AM <DIR> .
02/13/2008 11:24 AM <DIR> ..
Directory of C:\Documents and Settings\Administrator\Desktop
02/13/2008 11:24 AM <DIR> .
02/13/2008 11:24 AM <DIR> ..
02/13/2008 11:24 AM 65,536 victim.doc
02/13/2008 11:24 AM 65,536 victim.jpg
02/13/2008 11:24 AM 512 victim.txt
02/13/2008 11:24 AM 65,536 victim.xls
Directory of C:\Documents and Settings\Administrator\Local Settings
02/13/2008 11:24 AM <DIR> .
02/13/2008 11:24 AM <DIR> ..
02/13/2008 11:24 AM <DIR> Application Data
02/13/2008 11:24 AM <DIR> Temp
02/13/2008 11:24 AM <DIR> Temporary Internet Files
Directory of C:\Documents and Settings\Administrator\Local Settings\Application Data
02/13/2008 11:24 AM <DIR> .
02/13/2008 11:24 AM <DIR> ..
Directory of C:\Documents and Settings\Administrator\Local Settings\Temp
02/13/2008 11:24 AM <DIR> .
02/13/2008 11:24 AM <DIR> ..
Directory of C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
02/13/2008 11:24 AM <DIR> .
02/13/2008 11:24 AM <DIR> ..
02/13/2008 11:24 AM <DIR> Content.IE5
Directory of C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
02/13/2008 11:24 AM <DIR> .
02/13/2008 11:24 AM <DIR> ..
Directory of C:\Documents and Settings\Administrator\My Documents
02/13/2008 11:24 AM <DIR> .
02/13/2008 11:24 AM <DIR> ..
09/12/2016 12:13 PM 3,584 hkfwli.exe
09/12/2016 12:13 PM 3,584 lmtfgd.exe
09/12/2016 12:13 PM 3,584 kfhfva.exe
09/12/2016 12:13 PM 3,584 mgqirn.exe
09/12/2016 12:13 PM 3,584 sjjnkf.exe
09/12/2016 12:13 PM 3,584 abcdef.exe (continues forever)
Directory of C:\Documents and Settings\Administrator\Start Menu
02/13/2008 11:24 AM <DIR> .
02/13/2008 11:24 AM <DIR> ..
02/13/2008 11:24 AM <DIR> Programs
Directory of C:\Documents and Settings\Administrator\Start Menu\Programs
02/13/2008 11:24 AM <DIR> .
02/13/2008 11:24 AM <DIR> ..
02/13/2008 11:24 AM <DIR> Startup
Directory of C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
02/13/2008 11:24 AM <DIR> .
02/13/2008 11:24 AM <DIR> ..
Directory of C:\Documents and Settings\All Users
02/13/2008 11:24 AM <DIR> .
02/13/2008 11:24 AM <DIR> ..
02/13/2008 11:24 AM <DIR> Application Data
02/13/2008 11:24 AM <DIR> Desktop
02/13/2008 11:24 AM <DIR> Start Menu
Directory of C:\Documents and Settings\All Users\Application Data
02/13/2008 11:24 AM <DIR> .
02/13/2008 11:24 AM <DIR> ..
Directory of C:\Documents and Settings\All Users\Desktop
02/13/2008 11:24 AM <DIR> .
02/13/2008 11:24 AM <DIR> ..
Directory of C:\Documents and Settings\All Users\Start Menu
02/13/2008 11:24 AM <DIR> .
02/13/2008 11:24 AM <DIR> ..
02/13/2008 11:24 AM <DIR> Programs
Directory of C:\Documents and Settings\All Users\Start Menu\Programs
02/13/2008 11:24 AM <DIR> .
02/13/2008 11:24 AM <DIR> ..
02/13/2008 11:24 AM <DIR> Startup
Directory of C:\Documents and Settings\All Users\Start Menu\Programs\Startup
02/13/2008 11:24 AM <DIR> .
02/13/2008 11:24 AM <DIR> ..
Directory of C:\Documents and Settings\Default User
02/13/2008 11:24 AM <DIR> .
02/13/2008 11:24 AM <DIR> ..
02/13/2008 11:24 AM <DIR> Application Data
02/13/2008 11:24 AM <DIR> Start Menu
Directory of C:\Documents and Settings\Default User\Application Data
02/13/2008 11:24 AM <DIR> .
02/13/2008 11:24 AM <DIR> ..
Directory of C:\Documents and Settings\Default User\Start Menu
02/13/2008 11:24 AM <DIR> .
02/13/2008 11:24 AM <DIR> ..
02/13/2008 11:24 AM <DIR> Programs
Directory of C:\Documents and Settings\Default User\Start Menu\Programs
02/13/2008 11:24 AM <DIR> .
02/13/2008 11:24 AM <DIR> ..
02/13/2008 11:24 AM <DIR> Startup
Directory of C:\Documents and Settings\Default User\Start Menu\Programs\Startup
02/13/2008 11:24 AM <DIR> .
02/13/2008 11:24 AM <DIR> ..
Directory of C:\Program Files
02/13/2008 11:24 AM <DIR> .
02/13/2008 11:24 AM <DIR> ..
02/13/2008 11:24 AM <DIR> Common Files
02/13/2008 11:24 AM <DIR> Internet Explorer
02/13/2008 11:24 AM <DIR> Windows Media Player
Directory of C:\Program Files\Common Files
02/13/2008 11:24 AM <DIR> .
02/13/2008 11:24 AM <DIR> ..
02/13/2008 11:24 AM <DIR> Microsoft Shared
02/13/2008 11:24 AM <DIR> System
Directory of C:\Program Files\Common Files\Microsoft Shared
02/13/2008 11:24 AM <DIR> .
02/13/2008 11:24 AM <DIR> ..
Directory of C:\Program Files\Common Files\System
02/13/2008 11:24 AM <DIR> .
02/13/2008 11:24 AM <DIR> ..
Directory of C:\Program Files\Internet Explorer
02/13/2008 11:24 AM <DIR> .
02/13/2008 11:24 AM <DIR> ..
Directory of C:\Program Files\Windows Media Player
02/13/2008 11:24 AM <DIR> .
02/13/2008 11:24 AM <DIR> ..
Directory of C:\RECYCLER
02/13/2008 11:24 AM <DIR> .
02/13/2008 11:24 AM <DIR> ..
02/13/2008 11:24 AM <DIR> S-1-5-21-0-0-0-500
Directory of C:\RECYCLER\S-1-5-21-0-0-0-500
02/13/2008 11:24 AM <DIR> .
02/13/2008 11:24 AM <DIR> ..
Directory of C:\System Volume Information
02/13/2008 11:24 AM <DIR> .
02/13/2008 11:24 AM <DIR> ..
Directory of C:\WINDOWS
02/13/2008 11:24 AM <DIR> .
02/13/2008 11:24 AM <DIR> ..
02/13/2008 11:24 AM <DIR> Fonts
02/13/2008 11:24 AM <DIR> Installer
02/13/2008 11:24 AM <DIR> Microsoft.NET
02/13/2008 11:24 AM <DIR> Tasks
02/13/2008 11:24 AM <DIR> Temp
02/13/2008 11:24 AM <DIR> system
02/13/2008 11:24 AM <DIR> system32
Directory of C:\WINDOWS\Fonts
02/13/2008 11:24 AM <DIR> .
02/13/2008 11:24 AM <DIR> ..
Directory of C:\WINDOWS\Installer
02/13/2008 11:24 AM <DIR> .
02/13/2008 11:24 AM <DIR> ..
Directory of C:\WINDOWS\Microsoft.NET
02/13/2008 11:24 AM <DIR> .
02/13/2008 11:24 AM <DIR> ..
02/13/2008 11:24 AM <DIR> Framework
Directory of C:\WINDOWS\Microsoft.NET\Framework
02/13/2008 11:24 AM <DIR> .
02/13/2008 11:24 AM <DIR> ..
Directory of C:\WINDOWS\Tasks
02/13/2008 11:24 AM <DIR> .
02/13/2008 11:24 AM <DIR> ..
Directory of C:\WINDOWS\Temp
02/13/2008 11:24 AM <DIR> .
02/13/2008 11:24 AM <DIR> ..
Directory of C:\WINDOWS\system
02/13/2008 11:24 AM <DIR> .
02/13/2008 11:24 AM <DIR> ..
Directory of C:\WINDOWS\system32
02/13/2008 11:24 AM <DIR> .
02/13/2008 11:24 AM <DIR> ..
02/13/2008 11:24 AM <DIR> dllcache
02/13/2008 11:24 AM <DIR> drivers
02/13/2008 11:24 AM 989,696 kernel32.dll
02/13/2008 11:24 AM 706,048 ntdll.dll
02/13/2008 11:24 AM 1,048,576 victim.exe
02/13/2008 11:24 AM <DIR> wbem
Directory of C:\WINDOWS\system32\dllcache
02/13/2008 11:24 AM <DIR> .
02/13/2008 11:24 AM <DIR> ..
Directory of C:\WINDOWS\system32\drivers
02/13/2008 11:24 AM <DIR> .
02/13/2008 11:24 AM <DIR> ..
02/13/2008 11:24 AM <DIR> etc
Directory of C:\WINDOWS\system32\drivers\etc
02/13/2008 11:24 AM <DIR> .
02/13/2008 11:24 AM <DIR> ..
Directory of C:\WINDOWS\system32\wbem
02/13/2008 11:24 AM <DIR> .
02/13/2008 11:24 AM <DIR> ..