Technical Information
- %LOCALAPPDATA%\start\update_backup.exe
- %LOCALAPPDATA%\start\rcxae24.tmp
- <Drive name for removable media>:\wrar520_backup.exe
- <Drive name for removable media>:\calc_backup.exe
- <Drive name for removable media>:\skypesetup_backup.exe
- <Drive name for removable media>:\bloc-notes.exe
- <Drive name for removable media>:\wrar520_backup.exe
- <Drive name for removable media>:\rcxa7a8.tmp
- <Drive name for removable media>:\calc_backup.exe
- <Drive name for removable media>:\rcxadb4.tmp
- <Drive name for removable media>:\skypesetup_backup.exe
- <Drive name for removable media>:\rcxb66f.tmp
- hidden files
- file extensions
- %TEMP%\ddsfrdfzu.resources
- %TEMP%\nywdnrmf.cmdline
- %TEMP%\nywdnrmf.out
- %TEMP%\vbca4c8.tmp
- %TEMP%\resa518.tmp
- %TEMP%\xccb.resources
- %TEMP%\x.resources
- %TEMP%\x4tcrgx0.0.vb
- %TEMP%\resa57a.tmp
- %TEMP%\x4tcrgx0.cmdline
- %TEMP%\vbcabbe.tmp
- %TEMP%\resabde.tmp
- %TEMP%\v.resources
- %TEMP%\aycnyluve.resources
- %TEMP%\s4bzcrs4.0.vb
- %TEMP%\s4bzcrs4.cmdline
- %TEMP%\s4bzcrs4.out
- %TEMP%\op.resources
- %TEMP%\nywdnrmf.0.vb
- %TEMP%\hpslrs.resources
- %TEMP%\windowsupdate.ico
- %TEMP%\resac02.tmp
- %TEMP%\svchost.exe
- %LOCALAPPDATA%\start\update.exe
- %TEMP%\xg74l13z.resources
- %TEMP%\msnpsharp.dll
- %TEMP%\j5xnrjbd.0.vb
- %TEMP%\j5xnrjbd.cmdline
- %TEMP%\j5xnrjbd.out
- %TEMP%\vbcb3ad.tmp
- %TEMP%\x4tcrgx0.out
- %TEMP%\vbca569.tmp
- %TEMP%\l.resources
- %TEMP%\iaja.resources
- %TEMP%\whatdafock.txt
- %TEMP%\axoravjx.0.vb
- %TEMP%\axoravjx.cmdline
- %TEMP%\axoravjx.out
- %TEMP%\vbcabe2.tmp
- %TEMP%\update.exe
- %TEMP%\j5xnrjbd.exe
- %TEMP%\resb3ec.tmp
- %TEMP%\resa57a.tmp
- %TEMP%\op.resources
- %TEMP%\resabde.tmp
- %TEMP%\vbcabbe.tmp
- %TEMP%\x4tcrgx0.cmdline
- %TEMP%\x4tcrgx0.out
- %TEMP%\nywdnrmf.0.vb
- %TEMP%\hpslrs.resources
- %TEMP%\x4tcrgx0.0.vb
- %TEMP%\resb3ec.tmp
- %TEMP%\vbcb3ad.tmp
- %TEMP%\s4bzcrs4.cmdline
- %TEMP%\s4bzcrs4.out
- %TEMP%\s4bzcrs4.0.vb
- %TEMP%\xccb.resources
- %TEMP%\x.resources
- %TEMP%\nywdnrmf.cmdline
- %TEMP%\nywdnrmf.out
- %TEMP%\vbca4c8.tmp
- %TEMP%\j5xnrjbd.exe
- %TEMP%\j5xnrjbd.cmdline
- %TEMP%\j5xnrjbd.0.vb
- %TEMP%\j5xnrjbd.out
- %TEMP%\resac02.tmp
- %TEMP%\vbcabe2.tmp
- %TEMP%\vbca569.tmp
- %TEMP%\axoravjx.out
- %TEMP%\axoravjx.0.vb
- %TEMP%\l.resources
- %TEMP%\iaja.resources
- %TEMP%\windowsupdate.ico
- %LOCALAPPDATA%\start\update.exe
- %TEMP%\resa518.tmp
- %TEMP%\axoravjx.cmdline
- %TEMP%\v.resources
- %TEMP%\aycnyluve.resources
- <Drive name for removable media>:\wrar520.exe
- <Drive name for removable media>:\calc.exe
- <Drive name for removable media>:\skypesetup.exe
- %TEMP%\windowsupdate.ico
- '17#.#3.169.14':80
- '%TEMP%\update.exe'
- '%TEMP%\svchost.exe'
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\j5xnrjbd.cmdline" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESA57A.tmp" "%TEMP%\vbcA569.tmp" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\axoravjx.cmdline" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESAC02.tmp" "%TEMP%\vbcABE2.tmp" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\nywdnrmf.cmdline" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESA518.tmp" "%TEMP%\vbcA4C8.tmp" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\x4tcrgx0.cmdline" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESABDE.tmp" "%TEMP%\vbcABBE.tmp" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\s4bzcrs4.cmdline" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESB3EC.tmp" "%TEMP%\vbcB3AD.tmp" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\j5xnrjbd.cmdline"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESA57A.tmp" "%TEMP%\vbcA569.tmp"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\axoravjx.cmdline"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESAC02.tmp" "%TEMP%\vbcABE2.tmp"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\nywdnrmf.cmdline"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESA518.tmp" "%TEMP%\vbcA4C8.tmp"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\x4tcrgx0.cmdline"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESABDE.tmp" "%TEMP%\vbcABBE.tmp"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\s4bzcrs4.cmdline"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESB3EC.tmp" "%TEMP%\vbcB3AD.tmp"