Technical Information
- [<HKLM>\SOFTWARE\Classes\.quarantined_by_task_manager\shell\open\command] '' = '"<Full path to virus>" "%1"'
- <Current directory>\Process_information_database\7e7fffa09dc4fd1046f7e4b512ab0ae1.iscrt
- <Current directory>\Process_information_database\00036163
- <Current directory>\Process_information_database\0002BA0AICON_SMALL.bmp
- <Current directory>\Process_information_database\00034CFCICON_SMALL.bmp
- <Current directory>\Process_information_database\0003556BICON_SMALL.bmp
- <Current directory>\Process_information_database\7d5bf11b9031da699b8f84778a2cab60.iscrt
- <Current directory>\Process_information_database\000369CC
- <Current directory>\Process_information_database\9933dc73ffa34ea424c0155b923dab6d.iscrt
- <Current directory>\Process_information_database\0003235CICON_SMALL.bmp
- <Current directory>\Process_information_database\9eea72944a9eadaeacde50f9ef15178c.iscrt
- <Current directory>\Process_information_database\000337B7
- <Current directory>\Process_information_database\000307EA
- <Current directory>\Process_information_database\0002CE59
- <Current directory>\Process_information_database\0002F395ICON_SMALL.bmp
- <Current directory>\Process_information_database\6a4cdf476a6fd40e0eef8414c8ed6c3f.iscrt
- <Current directory>\Process_information_database\0002B4AC
- <Current directory>\Process_information_database\0002A9B3ICON_SMALL.bmp
- <Current directory>\Process_information_database\c34f7789236d5fe57e529725ab2bc997.iscrt
- <Current directory>\Process_information_database\0002BDFC
- <Current directory>\Process_information_database\0002D621
- <Current directory>\Process_information_database\0002B7D7
- <Current directory>\Process_information_database\0002C1D2ICON_SMALL.bmp
- <Current directory>\Process_information_database\141f16773d9da788b064b8178f3637e4.iscrt
- <Current directory>\Process_information_database\00037825ICON_SMALL.bmp
- <Current directory>\Process_information_database\00031E4B
- <Current directory>\Process_information_database\0002A063ICON_SMALL.bmp
- <Current directory>\Process_information_database\3032c526468c70782b0eafe0d5c4095b.iscrt
- <Current directory>\Process_information_database\2844705359ec834ef0eabc7b4edf2180.iscrt
- <Current directory>\Process_information_database\34388a4dd1f90e150a05ecbe1bc9a7ea.iscrt
- <Current directory>\Process_information_database\00038C86
- <Current directory>\Process_information_database\000309F0ICON_SMALL.bmp
- <Current directory>\Process_information_database\00031AA2ICON_SMALL.bmp
- <Current directory>\Process_information_database\0002894DICON_SMALL.bmp
- <Current directory>\Process_information_database\89eb5721f9ca901942b701a463f11b06.iscrt
- <Current directory>\Process_information_database\00029D96
- <Current directory>\Process_information_database\00036A9C
- <Current directory>\Process_information_database\000384DC
- <Current directory>\Process_information_database\0003563BICON_SMALL.bmp
- <Current directory>\Process_information_database\89d9440a6c976d1d0d7026e4f6952f76.iscrt
- <Current directory>\Process_information_database\00029455ICON_SMALL.bmp
- %TEMP%\Cab5.tmp
- <Current directory>\Process_information_database\0002B814
- <Current directory>\Process_information_database\0004293AICON_SMALL.bmp
- <Current directory>\Process_information_database\e9110fd56cf94fea25ac73e7c7be4488.iscrt
- <Current directory>\Process_information_database\8b31af15b0fdeffdbd004f8af9fb33d2.iscrt
- <Current directory>\Process_information_database\0002A89E
- <Current directory>\Process_information_database\0002A3CBICON_SMALL.bmp
- <Current directory>\Process_information_database\11caeea31242dfe023e71cbacc83589a.iscrt
- <Current directory>\Process_information_database\00027C81
- <Current directory>\Process_information_database\0002C9E8ICON_SMALL.bmp
- <Current directory>\Process_information_database\fcc7750802107c4adf9edde5b292dafb.iscrt
- <Current directory>\Process_information_database\e4134a4e416009f5ec09187b7ff44881.iscrt
- <Current directory>\Process_information_database\4f5d1b60758b07060f4ed2e44ad93d95.iscrt
- <Current directory>\Process_information_database\00032EFD
- <Current directory>\Process_information_database\0002683EICON_SMALL.bmp
- <Current directory>\Process_information_database\0002DE37
- <Current directory>\Process_information_database\ef731a365c73ddedd635f733d2eead7e.iscrt
- <Current directory>\Process_information_database\000322E2
- <Current directory>\Process_information_database\0003707BICON_SMALL.bmp
- <Current directory>\Process_information_database\00030E81ICON_SMALL.bmp
- <Current directory>\Process_information_database\00032DE3ICON_SMALL.bmp
- <Current directory>\Process_information_database\203b214fec5191e0fe1f0ed54d8f67c7.iscrt
- <Current directory>\Process_information_database\00034244
- <Current directory>\Process_information_database\15bea0acf617fe14263b7b61dede8a0c.iscrt
- <Current directory>\Process_information_database\6ec0b199b9e82a8a97829b6e65587521.iscrt
- <Current directory>\Process_information_database\0004AE47ICON_SMALL.bmp
- <Current directory>\Process_information_database\455c0b577d6232fc928e4c7402bb398c.iscrt
- <Current directory>\Process_information_database\e6251a1874eda6cfdf87052952d1a4f1.iscrt
- <Current directory>\Process_information_database\c387eab864e76d3403e4f46be8ded552.iscrt
- <Current directory>\Process_information_database\00034B9DICON_SMALL.bmp
- <Current directory>\Process_information_database\4418dae955df3f0278ea157de54fe190.iscrt
- <Current directory>\Process_information_database\00039D94
- <Current directory>\Process_information_database\00029985ICON_SMALL.bmp
- <Current directory>\Process_information_database\82360c4fb8dd048f656b71335f09543e.iscrt
- <Current directory>\Process_information_database\5ec352c5e9847e10f9f2da971995a9d6.iscrt
- <Current directory>\Process_information_database\aca48eef1230c5ad1cbd516ff22fb93d.iscrt
- <Current directory>\Process_information_database\0004C2E4
- <Current directory>\Process_information_database\00038927ICON_SMALL.bmp
- <Current directory>\Process_information_database\0002C756ICON_SMALL.bmp
- <Current directory>\Process_information_database\141783d95890b8247f765bfe60fc186d.iscrt
- <Current directory>\Process_information_database\00038BB8ICON_SMALL.bmp
- <Current directory>\Process_information_database\514bd9f4d6d98274a15a60d3911b1f61.iscrt
- <Current directory>\Process_information_database\00034C29_W
- <Current directory>\Process_information_database\a71b5c434c4da413c69cbd01892ec06f.iscrt
- <Current directory>\Process_information_database\dc88d9df3e4d87bfa3964851ae1e88e2.iscrt
- <Current directory>\Process_information_database\00034C29_A
- <Current directory>\Process_information_database\92c52a10fdd15c8e7a104320c01af3d6.iscrt
- <Current directory>\Process_information_database\525e3e0fe75cb12ada1bba8e11f3f79d.iscrt
- <Current directory>\Process_information_database\f2fdad3a1efdfc2da3710d461046f397.iscrt
- <Current directory>\Process_information_database\f869e2e9d93d612288c6b6bf50d6cfe6.iscrt
- <Current directory>\Process_information_database\10e038f7d923ba9c158d717d5197f007.iscrt
- <Current directory>\Process_information_database\d43518823cdd86004deac1588e4e04f4.iscrt
- <Current directory>\Process_information_database\50644ced8a7423ae5db86510d3201211.iscrt
- <Current directory>\Process_information_database\8be9c5b7456a5d0bd78d90c896aa2a53.iscrt
- <Current directory>\Process_information_database\009b642ff6877ceb09357b45249554d0.iscrt
- <Current directory>\Process_information_database\0002F40F
- <Current directory>\Process_information_database\00032D90ICON_SMALL.bmp
- <Current directory>\Process_information_database\d954a9952990d897e3e9fc78ee87572f.iscrt
- <Current directory>\Process_information_database\5b2445010a209feed43288c8b5af3b1b.iscrt
- <Current directory>\Process_information_database\df449a9b202d2a2349655484065d0d45.iscrt
- <Current directory>\Process_information_database\0002CB83
- <Current directory>\Process_information_database\0002DFB4ICON_SMALL.bmp
- <Current directory>\Process_information_database\000341EB
- <Current directory>\Process_information_database\00028F5B
- <Current directory>\Process_information_database\0002A388ICON_SMALL.bmp
- <Current directory>\Process_information_database\7574ed1f838e164a6d6ce7e3d52307bd.iscrt
- <Current directory>\Process_information_database\7af4f4428dcc856d5a001af3ebac2a64.iscrt
- <Current directory>\Process_information_database\a8e631e47cf8f50639dd3435d313e703.iscrt
- <Current directory>\Process_information_database\00028CFC
- <Current directory>\Process_information_database\00027B18ICON_SMALL.bmp
- <Current directory>\Process_information_database\0002B734ICON_SMALL.bmp
- <Current directory>\Process_information_database\000281E5
- <Current directory>\Process_information_database\000357F5ICON_SMALL.bmp
- <Current directory>\Process_information_database\59184acd96aa03dc71c6f4d31f4ae675.iscrt
- <Current directory>\Process_information_database\7648d3e3bb7eb6904de2f512dc5c7020.iscrt
- <Current directory>\Process_information_database\0002ADCE
- <Current directory>\Process_information_database\00026DA2ICON_SMALL.bmp
- <Current directory>\Process_information_database\b4706dec232e1b4b44bfbcd5b5b1bac8.iscrt
- %TEMP%\Cab1.tmp
- %TEMP%\Cab3.tmp
- %TEMP%\Tar4.tmp
- <Current directory>\Process_information_database\00038284
- <Current directory>\Process_information_database\0bf22b174acc2d99ed75bfd81e50ee30.iscrt
- <Current directory>\Process_information_database\00036C56
- %TEMP%\Tar2.tmp
- <Current directory>\Process_information_database\00036E23ICON_SMALL.bmp
- %TEMP%\Tar4.tmp
- %TEMP%\Cab5.tmp
- %TEMP%\Cab3.tmp
- %TEMP%\Cab1.tmp
- %TEMP%\Tar2.tmp
- 'crl.verisign.com':80
- 'www.download.windowsupdate.com':80
- crl.verisign.com/pca3.crl
- www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
- www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt
- DNS ASK cs######4-crl.verisign.com
- DNS ASK crl.verisign.com
- DNS ASK www.download.windowsupdate.com
- ClassName: 'SysPager' WindowName: ''
- ClassName: 'ToolbarWindow32' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'TrayNotifyWnd' WindowName: ''