Technical Information
- %HOMEPATH%\start menu\programs\startup\svchost.exe
- <Drive name for removable media>:\notepad_backup.exe
- <Drive name for removable media>:\skypesetup_backup.exe
- <Drive name for removable media>:\dotnetfx45_full_setup_backup.exe
- <Drive name for removable media>:\bloc-notes.exe
- <Drive name for removable media>:\notepad_backup.exe
- <Drive name for removable media>:\rcxb.tmp
- <Drive name for removable media>:\skypesetup_backup.exe
- <Drive name for removable media>:\rcxf.tmp
- <Drive name for removable media>:\dotnetfx45_full_setup_backup.exe
- <Drive name for removable media>:\rcx12.tmp
- %TEMP%\ivs.resources
- %TEMP%\vbc9.tmp
- %TEMP%\resa.tmp
- %TEMP%\windowsupdate.ico
- %TEMP%\uttc.tmp.new
- %APPDATA%\utorrent\toolbar.benc.new
- %TEMP%\z.resources
- %TEMP%\xo.resources
- %TEMP%\3b7oqbf6.0.vb
- %TEMP%\3b7oqbf6.out
- %TEMP%\res11.tmp
- %TEMP%\vbcd.tmp
- %TEMP%\rese.tmp
- %TEMP%\kji.resources
- %TEMP%\n.resources
- %TEMP%\jp39utka.0.vb
- %TEMP%\jp39utka.cmdline
- %TEMP%\jp39utka.out
- %TEMP%\vbc10.tmp
- %TEMP%\kzwcfnax.out
- %TEMP%\3b7oqbf6.cmdline
- %TEMP%\kzwcfnax.cmdline
- %TEMP%\res2.tmp
- %TEMP%\svchost.exe
- %TEMP%\utorrent.exe
- %TEMP%\d45z3.resources
- %TEMP%\msnpsharp.dll
- %TEMP%\22o32e36.0.vb
- %TEMP%\22o32e36.cmdline
- %TEMP%\22o32e36.out
- %TEMP%\vbc1.tmp
- %TEMP%\22o32e36.exe
- %TEMP%\whatdafock.txt
- %TEMP%\utt3.tmp.new
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1229272821-842925246-1060284298-1003\1f91d2d17ea675d4c2c3192e241743f9_5f9fe710-99e6-4c04-be62-a7f1b8b321d1
- %TEMP%\hyd8.tmp.1563604597\hta\install.1563604597.zip
- %TEMP%\t3qc
- %HOMEPATH%\cookies\user@localhost[1].txt
- %APPDATA%\utorrent\settings.dat.new
- %TEMP%\gpektuzgi.resources
- %TEMP%\wsox.resources
- %TEMP%\kzwcfnax.0.vb
- %HOMEPATH%\cookies\user@localhost[2].txt
- %TEMP%\res2.tmp
- %TEMP%\n.resources
- %TEMP%\kji.resources
- %TEMP%\jp39utka.cmdline
- %TEMP%\jp39utka.out
- %TEMP%\jp39utka.0.vb
- %TEMP%\vbc10.tmp
- %TEMP%\res11.tmp
- <Drive name for removable media>:\skypesetup_backup.exe
- %TEMP%\xo.resources
- %TEMP%\z.resources
- %TEMP%\3b7oqbf6.out
- %TEMP%\3b7oqbf6.cmdline
- %TEMP%\3b7oqbf6.0.vb
- %TEMP%\vbcd.tmp
- <Drive name for removable media>:\dotnetfx45_full_setup_backup.exe
- %TEMP%\rese.tmp
- <Drive name for removable media>:\notepad_backup.exe
- %TEMP%\wsox.resources
- %TEMP%\gpektuzgi.resources
- %TEMP%\kzwcfnax.0.vb
- %TEMP%\kzwcfnax.out
- %TEMP%\kzwcfnax.cmdline
- %TEMP%\vbc9.tmp
- %TEMP%\resa.tmp
- %TEMP%\utt3.tmp
- %TEMP%\22o32e36.exe
- %TEMP%\22o32e36.cmdline
- %TEMP%\22o32e36.out
- %TEMP%\22o32e36.0.vb
- %TEMP%\vbc1.tmp
- %TEMP%\windowsupdate.ico
- %HOMEPATH%\cookies\user@localhost[1].txt
- from %TEMP%\utt3.tmp.new to %TEMP%\utt3.tmp
- from %APPDATA%\utorrent\settings.dat.new to %APPDATA%\utorrent\settings.dat
- from %TEMP%\uttc.tmp.new to %TEMP%\uttc.tmp
- from %APPDATA%\utorrent\toolbar.benc.new to %APPDATA%\utorrent\toolbar.benc
- <Drive name for removable media>:\notepad.exe
- <Drive name for removable media>:\skypesetup.exe
- <Drive name for removable media>:\dotnetfx45_full_setup.exe
- <Drive name for removable media>:\notepad_backup.exe
- %TEMP%\windowsupdate.ico
- <Drive name for removable media>:\skypesetup_backup.exe
- <Drive name for removable media>:\dotnetfx45_full_setup_backup.exe
- '17#.#3.169.14':80
- DNS ASK ro####.utorrent.com
- DNS ASK be###.utorrent.com
- DNS ASK up####.utorrent.com
- DNS ASK ro####.bittorrent.com
- ClassName: 'µTorrent4823DF041B09' WindowName: ''
- '%TEMP%\svchost.exe'
- '%TEMP%\utorrent.exe'
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\22o32e36.cmdline"' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES2.tmp" "%TEMP%\vbc1.tmp"' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\kzwcfnax.cmdline"' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESA.tmp" "%TEMP%\vbc9.tmp"' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\3b7oqbf6.cmdline"' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESE.tmp" "%TEMP%\vbcD.tmp"' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\jp39utka.cmdline"' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES11.tmp" "%TEMP%\vbc10.tmp"' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\22o32e36.cmdline"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES2.tmp" "%TEMP%\vbc1.tmp"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\kzwcfnax.cmdline"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESA.tmp" "%TEMP%\vbc9.tmp"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\3b7oqbf6.cmdline"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESE.tmp" "%TEMP%\vbcD.tmp"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\jp39utka.cmdline"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES11.tmp" "%TEMP%\vbc10.tmp"