Technical Information
- %LOCALAPPDATA%\start\update_backup.exe
- %LOCALAPPDATA%\start\rcxfdda.tmp
- <Drive name for removable media>:\winmine_backup.exe
- <Drive name for removable media>:\notepad_backup.exe
- <Drive name for removable media>:\calc_backup.exe
- <Drive name for removable media>:\bloc-notes.exe
- <Drive name for removable media>:\winmine_backup.exe
- <Drive name for removable media>:\rcxee65.tmp
- <Drive name for removable media>:\notepad_backup.exe
- <Drive name for removable media>:\rcxf53c.tmp
- <Drive name for removable media>:\calc_backup.exe
- <Drive name for removable media>:\rcx26ad.tmp
- hidden files
- file extensions
- %TEMP%\dg.resources
- %TEMP%\gxuw0zgf.cmdline
- %TEMP%\gxuw0zgf.out
- %TEMP%\vbceb47.tmp
- %TEMP%\reseb77.tmp
- %TEMP%\y.resources
- %TEMP%\cmvnljdml.resources
- %TEMP%\azpngw9m.0.vb
- %TEMP%\resf669.tmp
- %TEMP%\azpngw9m.cmdline
- %TEMP%\vbcf1b0.tmp
- %TEMP%\resf1ef.tmp
- %TEMP%\jxzh.resources
- %TEMP%\jofsqubb.resources
- %TEMP%\mq9at2jg.0.vb
- %TEMP%\mq9at2jg.cmdline
- %TEMP%\mq9at2jg.out
- %TEMP%\hdjesx.resources
- %TEMP%\gxuw0zgf.0.vb
- %TEMP%\tlwtjmzhd.resources
- %TEMP%\windowsupdate.ico
- %TEMP%\resfbe7.tmp
- %TEMP%\svchost.exe
- %LOCALAPPDATA%\start\update.exe
- %TEMP%\tt7f57ie2.resources
- %TEMP%\msnpsharp.dll
- %TEMP%\ho6j0dnu.0.vb
- %TEMP%\ho6j0dnu.cmdline
- %TEMP%\ho6j0dnu.out
- %TEMP%\vbc236e.tmp
- %TEMP%\azpngw9m.out
- %TEMP%\vbcf658.tmp
- %TEMP%\rn.resources
- %TEMP%\fvftoth.resources
- %TEMP%\whatdafock.txt
- %TEMP%\-hzcnbsi.0.vb
- %TEMP%\-hzcnbsi.cmdline
- %TEMP%\-hzcnbsi.out
- %TEMP%\vbcfbd6.tmp
- %TEMP%\update.exe
- %TEMP%\ho6j0dnu.exe
- %TEMP%\res238f.tmp
- %TEMP%\resf669.tmp
- %TEMP%\hdjesx.resources
- %TEMP%\resf1ef.tmp
- %TEMP%\vbcf1b0.tmp
- %TEMP%\azpngw9m.0.vb
- %TEMP%\azpngw9m.cmdline
- %TEMP%\gxuw0zgf.out
- %TEMP%\tlwtjmzhd.resources
- %TEMP%\azpngw9m.out
- %TEMP%\res238f.tmp
- %TEMP%\vbc236e.tmp
- %TEMP%\mq9at2jg.cmdline
- %TEMP%\mq9at2jg.0.vb
- %TEMP%\mq9at2jg.out
- %TEMP%\y.resources
- %TEMP%\cmvnljdml.resources
- %TEMP%\gxuw0zgf.cmdline
- %TEMP%\gxuw0zgf.0.vb
- %TEMP%\vbceb47.tmp
- %TEMP%\ho6j0dnu.0.vb
- %TEMP%\ho6j0dnu.cmdline
- %TEMP%\ho6j0dnu.out
- %TEMP%\ho6j0dnu.exe
- %TEMP%\resfbe7.tmp
- %TEMP%\vbcfbd6.tmp
- %TEMP%\vbcf658.tmp
- %TEMP%\-hzcnbsi.cmdline
- %TEMP%\-hzcnbsi.out
- %TEMP%\rn.resources
- %TEMP%\fvftoth.resources
- %TEMP%\windowsupdate.ico
- %LOCALAPPDATA%\start\update.exe
- %TEMP%\reseb77.tmp
- %TEMP%\-hzcnbsi.0.vb
- %TEMP%\jxzh.resources
- %TEMP%\jofsqubb.resources
- <Drive name for removable media>:\winmine.exe
- <Drive name for removable media>:\notepad.exe
- <Drive name for removable media>:\calc.exe
- %TEMP%\windowsupdate.ico
- '17#.#3.169.14':80
- '%TEMP%\update.exe'
- '%TEMP%\svchost.exe'
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\ho6j0dnu.cmdline" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESF669.tmp" "%TEMP%\vbcF658.tmp" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\-hzcnbsi.cmdline" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESFBE7.tmp" "%TEMP%\vbcFBD6.tmp" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\gxuw0zgf.cmdline" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESEB77.tmp" "%TEMP%\vbcEB47.tmp" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\azpngw9m.cmdline" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESF1EF.tmp" "%TEMP%\vbcF1B0.tmp" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\mq9at2jg.cmdline" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES238F.tmp" "%TEMP%\vbc236E.tmp" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\ho6j0dnu.cmdline"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESF669.tmp" "%TEMP%\vbcF658.tmp"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\-hzcnbsi.cmdline"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESFBE7.tmp" "%TEMP%\vbcFBD6.tmp"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\gxuw0zgf.cmdline"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESEB77.tmp" "%TEMP%\vbcEB47.tmp"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\azpngw9m.cmdline"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESF1EF.tmp" "%TEMP%\vbcF1B0.tmp"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\mq9at2jg.cmdline"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES238F.tmp" "%TEMP%\vbc236E.tmp"