Technical Information
- <Drive name for removable media>:\delete.avi
- <Drive name for removable media>:\split.avi
- <Drive name for removable media>:\000814251_video_01.avi
- <Drive name for removable media>:\correct.avi
- <Drive name for removable media>:\join.avi
- C:\system\client.exe
- C:\far2.exe
- %TEMP%\ye1abend.0.vb
- %TEMP%\ye1abend.cmdline
- %TEMP%\ye1abend.out
- %TEMP%\vbcf52ba00e96104df8b22127433c2b5f5.tmp
- %TEMP%\vbcddab8243d03c4a8388285e19cbd1639.tmp
- %TEMP%\res7c9f.tmp
- C:\msocache.exe
- %TEMP%\1ugftl41.0.vb
- %TEMP%\1ugftl41.cmdline
- %TEMP%\1ugftl41.out
- %TEMP%\vbcabccb510a9764e18815b286f276d6c69.tmp
- %TEMP%\vbc85a5cbe9d4a4a2c8ad36e9043d59e0.tmp
- %TEMP%\res8152.tmp
- C:\perflogs.exe
- %WINDIR%\syswow64\client.exe
- %TEMP%\zjy32xoq.0.vb
- %TEMP%\res7608.tmp
- %TEMP%\zjy32xoq.cmdline
- %TEMP%\vbcb8467ae0df86441dae89aca811c1391.tmp
- %TEMP%\nqnk4wcs.out
- %PROGRAMDATA%\system\vblrvzwf.ico
- %TEMP%\d4sdchrq.0.vb
- %TEMP%\d4sdchrq.cmdline
- %TEMP%\d4sdchrq.out
- %TEMP%\vbc265c0b6d9fb740d4a31f6fceb5a8be7.tmp
- %TEMP%\vbce938090e7754774b6223d4457fa5f1b.tmp
- %TEMP%\res6c24.tmp
- C:\$recycle.bin.exe
- %TEMP%\amxr2g1l.0.vb
- %TEMP%\amxr2g1l.cmdline
- %TEMP%\amxr2g1l.out
- %TEMP%\vbc73cee7566438413cbd3cb2d3831a7a71.tmp
- %TEMP%\vbc3d6b1ea7eba345efa721f71f51c01751.tmp
- %TEMP%\res7126.tmp
- C:\documents and settings.exe
- %TEMP%\nqnk4wcs.0.vb
- %TEMP%\nqnk4wcs.cmdline
- %TEMP%\vbcfd9fdf06da24497083a0fc28aebc92a.tmp
- %TEMP%\zjy32xoq.out
- C:\system\client.exe
- %TEMP%\res6c24.tmp
- %TEMP%\1ugftl41.0.vb
- %TEMP%\1ugftl41.out
- %TEMP%\1ugftl41.cmdline
- %TEMP%\vbcabccb510a9764e18815b286f276d6c69.tmp
- %TEMP%\vbc85a5cbe9d4a4a2c8ad36e9043d59e0.tmp
- %TEMP%\res8152.tmp
- %TEMP%\ye1abend.out
- %TEMP%\ye1abend.0.vb
- %TEMP%\ye1abend.cmdline
- %TEMP%\vbcf52ba00e96104df8b22127433c2b5f5.tmp
- %TEMP%\vbcddab8243d03c4a8388285e19cbd1639.tmp
- %TEMP%\res7c9f.tmp
- %TEMP%\nqnk4wcs.out
- %TEMP%\nqnk4wcs.0.vb
- %TEMP%\nqnk4wcs.cmdline
- %TEMP%\vbcfd9fdf06da24497083a0fc28aebc92a.tmp
- %TEMP%\vbcb8467ae0df86441dae89aca811c1391.tmp
- %TEMP%\res7608.tmp
- %TEMP%\amxr2g1l.0.vb
- %TEMP%\amxr2g1l.cmdline
- %TEMP%\amxr2g1l.out
- %TEMP%\vbc73cee7566438413cbd3cb2d3831a7a71.tmp
- %TEMP%\vbc3d6b1ea7eba345efa721f71f51c01751.tmp
- %TEMP%\res7126.tmp
- %TEMP%\d4sdchrq.0.vb
- %TEMP%\d4sdchrq.out
- %TEMP%\d4sdchrq.cmdline
- %TEMP%\vbc265c0b6d9fb740d4a31f6fceb5a8be7.tmp
- %TEMP%\vbce938090e7754774b6223d4457fa5f1b.tmp
- %TEMP%\zjy32xoq.cmdline
- %TEMP%\zjy32xoq.0.vb
- 'mj####.#reedynamicdns.org':1056
- DNS ASK mj####.#reedynamicdns.org
- '%WINDIR%\syswow64\client.exe'
- '%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\d4sdchrq.cmdline"' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\25wmxyzd.cmdline"' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES2591.tmp" "%TEMP%\vbc752E926CB9134BCF891280BF71B781C.TMP"' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\oaolgzhg.cmdline"' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES23EB.tmp" "%TEMP%\vbc87076479DA3B4D28A48678DC2A775457.TMP"' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\n5dabsa1.cmdline"' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES2255.tmp" "%TEMP%\vbcFF12F24294F54D829B8C2E7ABE91627.TMP"' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\mhedi5fw.cmdline"' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES2051.tmp" "%TEMP%\vbc34B2954181C24469A91CC25534DA749.TMP"' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\uswhrtyd.cmdline"' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES1E9C.tmp" "%TEMP%\vbcA2AB62E556343E498A9DE7F87A962F5.TMP"' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\g2gaugxv.cmdline"' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES19D9.tmp" "%TEMP%\vbc1ECEF8FE79BD4DEA98B9C81D45C6D8B.TMP"' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\i23hlh4t.cmdline"' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES1833.tmp" "%TEMP%\vbc2806589E11684FED9F47C354CD546690.TMP"' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\zqedyfyb.cmdline"' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\zjy32xoq.cmdline"' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES8152.tmp" "%TEMP%\vbc85A5CBE9D4A4A2C8AD36E9043D59E0.TMP"' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\1ugftl41.cmdline"' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES7C9F.tmp" "%TEMP%\vbcDDAB8243D03C4A8388285E19CBD1639.TMP"' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\ye1abend.cmdline"' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES7608.tmp" "%TEMP%\vbcB8467AE0DF86441DAE89ACA811C1391.TMP"' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\nqnk4wcs.cmdline"' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES7126.tmp" "%TEMP%\vbc3D6B1EA7EBA345EFA721F71F51C01751.TMP"' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\amxr2g1l.cmdline"' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES6C24.tmp" "%TEMP%\vbcE938090E7754774B6223D4457FA5F1B.TMP"' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES2747.tmp" "%TEMP%\vbc6A01AA8DF4DE4208A4A4DAE772B2845.TMP"' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\yi52rood.cmdline"' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\d4sdchrq.cmdline"
- '%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\25wmxyzd.cmdline"
- '%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES2591.tmp" "%TEMP%\vbc752E926CB9134BCF891280BF71B781C.TMP"
- '%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\oaolgzhg.cmdline"
- '%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES23EB.tmp" "%TEMP%\vbc87076479DA3B4D28A48678DC2A775457.TMP"
- '%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\n5dabsa1.cmdline"
- '%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES2255.tmp" "%TEMP%\vbcFF12F24294F54D829B8C2E7ABE91627.TMP"
- '%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\mhedi5fw.cmdline"
- '%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES2051.tmp" "%TEMP%\vbc34B2954181C24469A91CC25534DA749.TMP"
- '%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\uswhrtyd.cmdline"
- '%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES1E9C.tmp" "%TEMP%\vbcA2AB62E556343E498A9DE7F87A962F5.TMP"
- '%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\g2gaugxv.cmdline"
- '%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES19D9.tmp" "%TEMP%\vbc1ECEF8FE79BD4DEA98B9C81D45C6D8B.TMP"
- '%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\i23hlh4t.cmdline"
- '%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES1833.tmp" "%TEMP%\vbc2806589E11684FED9F47C354CD546690.TMP"
- '%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\zqedyfyb.cmdline"
- '%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\zjy32xoq.cmdline"
- '%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES8152.tmp" "%TEMP%\vbc85A5CBE9D4A4A2C8AD36E9043D59E0.TMP"
- '%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\1ugftl41.cmdline"
- '%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES7C9F.tmp" "%TEMP%\vbcDDAB8243D03C4A8388285E19CBD1639.TMP"
- '%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\ye1abend.cmdline"
- '%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES7608.tmp" "%TEMP%\vbcB8467AE0DF86441DAE89ACA811C1391.TMP"
- '%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\nqnk4wcs.cmdline"
- '%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES7126.tmp" "%TEMP%\vbc3D6B1EA7EBA345EFA721F71F51C01751.TMP"
- '%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\amxr2g1l.cmdline"
- '%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES6C24.tmp" "%TEMP%\vbcE938090E7754774B6223D4457FA5F1B.TMP"
- '%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES2747.tmp" "%TEMP%\vbc6A01AA8DF4DE4208A4A4DAE772B2845.TMP"
- '%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\yi52rood.cmdline"