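Technical Information
(Note: the subsection headings of this report appear to have been lost in extraction, so the groupings below are inferred from the entries themselves. In order, the list seems to cover: autorun persistence (the two Run registry values, the Startup-folder copy and the copy on removable media); launched processes, including a netsh command that adds "%TEMP%\System32.exe" to the Windows Firewall allowed-program list; file-system artifacts, mostly under %TEMP% (many paths appear twice, so the second run probably sat under a different heading, such as deleted rather than created files, which cannot be confirmed from this text); network activity (connection endpoints, requested URLs and DNS queries); and window class/name pairs, presumably windows the sample looks up. Host names containing '#' are masked by the source and cannot be used as literal match indicators.)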
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '2320633bbd5b9c41d628d6d2b760a34d' = '"%TEMP%\System32.exe" ..'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '2320633bbd5b9c41d628d6d2b760a34d' = '"%TEMP%\System32.exe" ..'
- %HOMEPATH%\Start Menu\Programs\Startup\2320633bbd5b9c41d628d6d2b760a34d.exe
- <Drive name for removable media>:\2320633bbd5b9c41d628d6d2b760a34d.exe
- '%TEMP%\System32.exe'
- '<Current directory>\pfsx-setup-01net-10.7.3.exe' /_ShowProgress
- '<Current directory>\photo.exe'
- '<Current directory>\pfsx-setup-01net-10.7.3.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\System32.exe" "System32.exe" ENABLE
- %TEMP%\ish264843\images\back_butt_over.png
- %TEMP%\ish264843\images\BG.png
- %TEMP%\ish264843\csshover3.htc
- %TEMP%\ish264843\images\back_butt.png
- %TEMP%\ish264843\images\close.png
- %TEMP%\ish264843\images\Lightning.png
- %TEMP%\ish264843\images\loader.gif
- %TEMP%\ish264843\images\close_hover.png
- %TEMP%\ish264843\images\icon_generic.png
- %TEMP%\ish264843\css\sdk-ui\button.css
- %TEMP%\ish264843\css\sdk-ui\checkbox.css
- %TEMP%\ish264843\css\main.css
- %TEMP%\ish264843\css\sdk-ui\browse.css
- %TEMP%\ish264843\css\sdk-ui\images\button-bg.png
- %TEMP%\ish264843\css\sdk-ui\images\progress-bg2.png
- %TEMP%\ish264843\css\sdk-ui\progress-bar.css
- %TEMP%\ish264843\css\sdk-ui\images\progress-bg-corner.png
- %TEMP%\ish264843\css\sdk-ui\images\progress-bg.png
- %TEMP%\00046FEC.log
- %TEMP%\ish264843\locale\FR.locale
- %TEMP%\ish264843\sdk\exceptlist.txt
- %HOMEPATH%\Local Settings\Temp0004FBA2.log
- %HOMEPATH%\Local Settings\Temp0004FE32.log
- %WINDIR%\Temp\WERfe8b.dir00\wmiprvse.exe.mdmp
- %TEMP%\ICReinstall_pfsx-setup-01net-10.7.3.exe
- %TEMP%\0004FD48.log
- %TEMP%\ish264843\images\Next_butt_hover.png
- %TEMP%\ish264843\images\pause.png
- %TEMP%\ish264843\images\Lock.png
- %TEMP%\ish264843\images\Next_butt.png
- %TEMP%\ish264843\images\play_butt.png
- %TEMP%\ish264843\images\Quick_Specs.png
- %TEMP%\ish264843\locale\EN.locale
- %TEMP%\ish264843\images\progress-bg.png
- %TEMP%\ish264843\images\progress.png
- %TEMP%\ish264843\css\ie6_main.css
- %TEMP%\ish218312\css\sdk-ui\images\progress-bg2.png
- %TEMP%\ish218312\css\sdk-ui\progress-bar.css
- %TEMP%\ish218312\css\sdk-ui\images\progress-bg-corner.png
- %TEMP%\ish218312\css\sdk-ui\images\progress-bg.png
- %TEMP%\ish218312\csshover3.htc
- %TEMP%\ish218312\images\BG.png
- %TEMP%\ish218312\images\close.png
- %TEMP%\ish218312\images\back_butt.png
- %TEMP%\ish218312\images\back_butt_over.png
- %TEMP%\000350A2.log
- %TEMP%\ish218312\css\ie6_main.css
- <Current directory>\pfsx-setup-01net-10.7.3.exe
- <Current directory>\photo.exe
- %TEMP%\ish218312\css\main.css
- %TEMP%\ish218312\css\sdk-ui\checkbox.css
- %TEMP%\ish218312\css\sdk-ui\images\button-bg.png
- %TEMP%\ish218312\css\sdk-ui\browse.css
- %TEMP%\ish218312\css\sdk-ui\button.css
- %TEMP%\ish218312\images\Quick_Specs.png
- %TEMP%\ish218312\locale\EN.locale
- %TEMP%\ish218312\images\progress-bg.png
- %TEMP%\ish218312\images\progress.png
- %TEMP%\ish218312\locale\FR.locale
- %TEMP%\ish218312\bootstrap_32153.html
- %TEMP%\00040A5C.log
- %TEMP%\ish218312\sdk\exceptlist.txt
- %TEMP%\System32.exe
- %TEMP%\ish218312\images\Lightning.png
- %TEMP%\ish218312\images\loader.gif
- %TEMP%\ish218312\images\close_hover.png
- %TEMP%\ish218312\images\icon_generic.png
- %TEMP%\ish218312\images\Lock.png
- %TEMP%\ish218312\images\pause.png
- %TEMP%\ish218312\images\play_butt.png
- %TEMP%\ish218312\images\Next_butt.png
- %TEMP%\ish218312\images\Next_butt_hover.png
- <Drive name for removable media>:\2320633bbd5b9c41d628d6d2b760a34d.exe
- %TEMP%\ish264843\images\back_butt_over.png
- %TEMP%\ish264843\images\BG.png
- %TEMP%\ish264843\images\back_butt.png
- %TEMP%\ish264843\css\sdk-ui\progress-bar.css
- %TEMP%\ish264843\csshover3.htc
- %TEMP%\ish264843\images\close.png
- %HOMEPATH%\Local Settings\Temp0004FE32.log
- %WINDIR%\Temp\WERfe8b.dir00\wmiprvse.exe.mdmp
- %TEMP%\0004FD48.log
- %TEMP%\ish218312\bootstrap_32153.html
- %HOMEPATH%\Local Settings\Temp0004FBA2.log
- %TEMP%\ish264843\css\sdk-ui\images\progress-bg2.png
- %TEMP%\ish264843\css\ie6_main.css
- %TEMP%\ish264843\css\main.css
- %TEMP%\00046FEC.log
- %TEMP%\000350A2.log
- %TEMP%\00040A5C.log
- %TEMP%\ish264843\css\sdk-ui\browse.css
- %TEMP%\ish264843\css\sdk-ui\images\progress-bg-corner.png
- %TEMP%\ish264843\css\sdk-ui\images\progress-bg.png
- %TEMP%\ish264843\css\sdk-ui\images\button-bg.png
- %TEMP%\ish264843\css\sdk-ui\button.css
- %TEMP%\ish264843\css\sdk-ui\checkbox.css
- 'localhost':1039
- 'www.ra##ab.com':80
- 'os.####chargercdn.com':80
- 'se####.no-ip.biz':1177
- www.ra##ab.com/rar/wrar393fr.exe
- os.####chargercdn.com/Telecharger/?v=################
- DNS ASK d.##apd.com
- DNS ASK www.ra##ab.com
- DNS ASK os.####chargercdn.com
- DNS ASK se####.no-ip.biz
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'EDIT' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''