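Technical Information
Note for readers: the entries below are behavioural indicators recorded for one analysed sample (process command lines, file paths, and HTTP and DNS requests). The report's section labels are not present in this listing, so the action behind each path (read, created or deleted) is not stated. The PIDs (2556, 2352) and the `tmp*.tmp` names are likely specific to this run and are weak material for matching other hosts. More durable signals on this page are the paths to browser credential stores (Chrome `login data`, `cookies`, `web data`; Opera `login data`) and Steam config files, a `chrome.exe` located under the Chrome `user data\default` profile directory, `regasm.exe` and `addinprocess32.exe` in the .NET Framework directory followed by `taskkill` and `Del` on those same paths, and the hidden-window `cmd.exe /k ping 0 & del <Full path to file> & exit` chain. Hosts and addresses are partially masked with `#` as published, so they cannot be used for blocking or lookups as written.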
- '%WINDIR%\syswow64\taskkill.exe' /F /PID 2556
- '%WINDIR%\syswow64\taskkill.exe' /F /PID 2352
- %WINDIR%\microsoft.net\framework\v4.0.30319\addinprocess32.exe
- all.exe
- %WINDIR%\microsoft.net\framework\v4.0.30319\addinprocess32.exe
- %ProgramFiles(x86)%\steam\config\config.vdf
- %ProgramFiles(x86)%\steam\config\dialogconfig.vdf
- %LOCALAPPDATA%\google\chrome\user data\default\login data
- %LOCALAPPDATA%\google\chrome\user data\default\cookies
- %LOCALAPPDATA%\google\chrome\user data\default\web data
- %APPDATA%\opera software\opera stable\login data
- %HOMEPATH%\desktop\508softwareandos.doc
- %HOMEPATH%\desktop\file_p_00000000_1371597592.docx
- %HOMEPATH%\desktop\glidescope_review_rev_010.docx
- %HOMEPATH%\desktop\hadac_newsletter_july_2010_final.docx
- %HOMEPATH%\desktop\hanni_umami_chapter.doc
- %HOMEPATH%\desktop\holycrosschurchinstructions.docx
- %HOMEPATH%\desktop\thlps_keeper_mayer_1965.docx
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\desktop.ini
- %TEMP%\tmpa008.tmp
- %TEMP%\tmp9ff8.tmp
- %TEMP%\tmp9ff7.tmp
- %TEMP%\tmp9ff6.tmp
- %TEMP%\tmp9fe5.tmp
- %TEMP%\tmp9fe4.tmp
- %TEMP%\tmp9fe3.tmp
- %TEMP%\tmpa019.tmp
- %TEMP%\tmp9fe2.tmp
- %TEMP%\tmp9fe0.tmp
- %TEMP%\tmp9fcf.tmp
- %TEMP%\tmp9fce.tmp
- %TEMP%\tmp9fcd.tmp
- %TEMP%\tmp9fcc.tmp
- %TEMP%\tmp9fcb.tmp
- %TEMP%\tmp9fbb.tmp
- %TEMP%\tmp9fe1.tmp
- %TEMP%\tmpb68a.tmp
- %TEMP%\tmpb6d2.tmp
- %TEMP%\tmpb634.tmp
- %TEMP%\tmpb6d1.tmp
- %TEMP%\tmpb6c0.tmp
- %TEMP%\tmpb6bf.tmp
- %TEMP%\tmpb6ae.tmp
- %TEMP%\tmpb6ad.tmp
- %TEMP%\tmpb69d.tmp
- %TEMP%\tmpb69c.tmp
- %TEMP%\tmp9fba.tmp
- %TEMP%\tmpb69b.tmp
- %TEMP%\tmpb689.tmp
- %TEMP%\tmpb688.tmp
- %TEMP%\tmpb678.tmp
- %TEMP%\tmpb677.tmp
- %TEMP%\tmpb676.tmp
- %TEMP%\tmpb665.tmp
- %TEMP%\tmpb635.tmp
- %TEMP%\tmpa029.tmp
- %TEMP%\tmpa03a.tmp
- %TEMP%\tmp9fb9.tmp
- %TEMP%\tmp9f66.tmp
- %TEMP%\tmp9f54.tmp
- %TEMP%\tmp9f53.tmp
- %TEMP%\tmp9f52.tmp
- %TEMP%\tmp9f41.tmp
- %TEMP%\tmp9f40.tmp
- %TEMP%\tmp9f3f.tmp
- %TEMP%\tmp9f3e.tmp
- %TEMP%\tmp9f55.tmp
- %TEMP%\tmp9f3d.tmp
- %TEMP%\tmp9f2c.tmp
- %TEMP%\tmp9f2b.tmp
- %TEMP%\tmp9f1a.tmp
- %TEMP%\tmp9f19.tmp
- %TEMP%\tmp9f18.tmp
- %TEMP%\tmp9f07.tmp
- %TEMP%\tmp9f06.tmp
- %TEMP%\tmp9f3c.tmp
- %TEMP%\tmp9f8f.tmp
- %TEMP%\tmp9fa7.tmp
- %TEMP%\tmp9f67.tmp
- %TEMP%\tmp9fa6.tmp
- %TEMP%\tmp9fa5.tmp
- %TEMP%\tmp9fa4.tmp
- %TEMP%\tmp9fa3.tmp
- %TEMP%\tmp9fa2.tmp
- %TEMP%\tmp9f92.tmp
- %TEMP%\tmp9f91.tmp
- %TEMP%\tmp9fb8.tmp
- %TEMP%\tmp9f90.tmp
- %TEMP%\tmp9f7e.tmp
- %TEMP%\tmp9f7d.tmp
- %TEMP%\tmp9f7c.tmp
- %TEMP%\tmp9f7b.tmp
- %TEMP%\tmp9f7a.tmp
- %TEMP%\tmp9f69.tmp
- %TEMP%\tmp9f68.tmp
- %TEMP%\tmp9f56.tmp
- %TEMP%\tmpb6e2.tmp
- %TEMP%\tmpb6e3.tmp
- %TEMP%\tmpb6e4.tmp
- %TEMP%\tmpb7f9.tmp
- %TEMP%\tmpb7f8.tmp
- %TEMP%\tmpb7f7.tmp
- %TEMP%\tmpb7f6.tmp
- %TEMP%\tmpb7f5.tmp
- %TEMP%\tmpb7e4.tmp
- %TEMP%\tmpb7e3.tmp
- %TEMP%\tmpb7b9.tmp
- %TEMP%\tmpb7e2.tmp
- %TEMP%\tmpb7d0.tmp
- %TEMP%\tmpb7cf.tmp
- %TEMP%\tmpb7ce.tmp
- %TEMP%\tmpb7cd.tmp
- %TEMP%\tmpb7cc.tmp
- %TEMP%\tmpb7cb.tmp
- %TEMP%\tmpb7bb.tmp
- %TEMP%\tmpb7e1.tmp
- %TEMP%\tmpb7ba.tmp
- %TEMP%\tmpb809.tmp
- %TEMP%\tmpb832.tmp
- %TEMP%\tmpb869.tmp
- %TEMP%\tmpb859.tmp
- %TEMP%\tmpb848.tmp
- %TEMP%\tmpb847.tmp
- %TEMP%\tmpb846.tmp
- %TEMP%\tmpb845.tmp
- %TEMP%\tmpb844.tmp
- %TEMP%\tmpb80b.tmp
- %TEMP%\tmpb80a.tmp
- %TEMP%\tmpb831.tmp
- %TEMP%\tmpb830.tmp
- %TEMP%\tmpb82f.tmp
- %TEMP%\tmpb81f.tmp
- %TEMP%\tmpb81e.tmp
- %TEMP%\tmpb81d.tmp
- %TEMP%\tmpb81c.tmp
- %TEMP%\tmpb833.tmp
- %TEMP%\tmpb7b8.tmp
- %TEMP%\tmpb7a7.tmp
- %TEMP%\tmpb7a6.tmp
- %TEMP%\tmpb732.tmp
- %TEMP%\tmpb731.tmp
- %TEMP%\tmpb730.tmp
- %TEMP%\tmpb71f.tmp
- %TEMP%\tmpb71e.tmp
- %TEMP%\tmpb71d.tmp
- %TEMP%\tmpb743.tmp
- %TEMP%\tmpb70c.tmp
- %TEMP%\tmpb70a.tmp
- %TEMP%\tmpb709.tmp
- %TEMP%\tmpb6f9.tmp
- %TEMP%\tmpb6f8.tmp
- %TEMP%\tmpb6f7.tmp
- %TEMP%\tmpb6f6.tmp
- %TEMP%\tmpb6e5.tmp
- %TEMP%\tmpb70b.tmp
- %TEMP%\tmpb744.tmp
- %TEMP%\tmpb733.tmp
- %TEMP%\tmpb745.tmp
- %TEMP%\tmpb7a5.tmp
- %TEMP%\tmpb78e.tmp
- %TEMP%\tmpb7a4.tmp
- %TEMP%\tmpb7a3.tmp
- %TEMP%\tmpb7a2.tmp
- %TEMP%\tmpb792.tmp
- %TEMP%\tmpb791.tmp
- %TEMP%\tmpb790.tmp
- %TEMP%\tmpb78f.tmp
- %TEMP%\tmpb77d.tmp
- %TEMP%\tmpb756.tmp
- %TEMP%\tmpb77c.tmp
- %TEMP%\tmpb77b.tmp
- %TEMP%\tmpb76a.tmp
- %TEMP%\tmpb769.tmp
- %TEMP%\tmpb768.tmp
- %TEMP%\tmpb758.tmp
- %TEMP%\tmpb757.tmp
- %TEMP%\tmp9f05.tmp
- %TEMP%\tmpb87a.tmp
- %TEMP%\tmp9f04.tmp
- %TEMP%\tmp9ef3.tmp
- %TEMP%\tmp9abc.tmp
- %TEMP%\tmp9abb.tmp
- %TEMP%\tmp9aab.tmp
- %TEMP%\tmp9aaa.tmp
- %TEMP%\tmp9aa9.tmp
- %TEMP%\tmp9aa8.tmp
- %TEMP%\tmp9aa7.tmp
- %TEMP%\tmp9abd.tmp
- %TEMP%\tmp9a96.tmp
- %TEMP%\tmp9a94.tmp
- %TEMP%\tmp9a93.tmp
- %TEMP%\tmp9a83.tmp
- %TEMP%\tmp9a82.tmp
- %TEMP%\tmp9a81.tmp
- %TEMP%\tmp9a70.tmp
- %TEMP%\tmp9a6f.tmp
- %TEMP%\tmp9a95.tmp
- %TEMP%\tmp9af7.tmp
- %TEMP%\tmp9b1f.tmp
- %TEMP%\tmp9ad0.tmp
- %TEMP%\tmp9b0f.tmp
- %TEMP%\tmp9b0e.tmp
- %TEMP%\tmp9b0d.tmp
- %TEMP%\tmp9b0c.tmp
- %TEMP%\tmp9b0b.tmp
- %TEMP%\tmp9b0a.tmp
- %TEMP%\tmp9af9.tmp
- %TEMP%\tmp9a6e.tmp
- %TEMP%\tmp9af8.tmp
- %TEMP%\tmp9af6.tmp
- %TEMP%\tmp9ae6.tmp
- %TEMP%\tmp9ae5.tmp
- %TEMP%\tmp9ae4.tmp
- %TEMP%\tmp9ae3.tmp
- %TEMP%\tmp9ad2.tmp
- %TEMP%\tmp9ad1.tmp
- %TEMP%\tmp9ace.tmp
- %TEMP%\tmp9acf.tmp
- %TEMP%\tmp9a6d.tmp
- %TEMP%\338711844.exe
- %TEMP%\all.exe
- %TEMP%\gingals.exe
- %TEMP%\desk.exe
- %TEMP%\1778679932.exe
- C:\fsskjdslfsfs
- C:\kj34kji34jdkj
- %LOCALAPPDATA%\microsoft\windows\history\low\history.ie5\index.dat
- %TEMP%\setup.exe
- %APPDATA%\microsoft\windows\cookies\low\index.dat
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\pm6jxeyn\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\oce0nov6\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\dfqjp367\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\index.dat
- %LOCALAPPDATA%\microsoft\windows\history\low\history.ie5\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\history\low\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\onzdchv7\desktop.ini
- %TEMP%\tmp9a14.tmp
- %TEMP%\tmp9a5b.tmp
- %LOCALAPPDATA%\google\chrome\user data\default\chrome.exe
- %TEMP%\tmp9a4b.tmp
- %TEMP%\tmp9a4a.tmp
- %TEMP%\tmp9a39.tmp
- %TEMP%\tmp9a38.tmp
- %TEMP%\tmp9a37.tmp
- %TEMP%\tmp9a27.tmp
- %TEMP%\tmp9a26.tmp
- %TEMP%\tmp9a5c.tmp
- %TEMP%\tmp9a25.tmp
- %TEMP%\tmp9a13.tmp
- %TEMP%\tmp9a02.tmp
- %TEMP%\tmp9a01.tmp
- %TEMP%\tmp9a00.tmp
- %TEMP%\tmp99ff.tmp
- %TEMP%\tmp99df.tmp
- %TEMP%\tmp99cf.tmp
- %TEMP%\nss4ab7.tmp\r2nhlygg210.dll
- %TEMP%\tmp9b20.tmp
- %TEMP%\tmp9b21.tmp
- %TEMP%\tmp9b22.tmp
- %TEMP%\tmp9e81.tmp
- %TEMP%\tmp9e71.tmp
- %TEMP%\tmp9e70.tmp
- %TEMP%\tmp9e6f.tmp
- %TEMP%\tmp9e5e.tmp
- %TEMP%\tmp9e5d.tmp
- %TEMP%\tmp9e4c.tmp
- %TEMP%\tmp9de4.tmp
- %TEMP%\tmp9e4b.tmp
- %TEMP%\tmp9e2a.tmp
- %TEMP%\tmp9e29.tmp
- %TEMP%\tmp9e28.tmp
- %TEMP%\tmp9e27.tmp
- %TEMP%\tmp9e17.tmp
- %TEMP%\tmp9e16.tmp
- %TEMP%\tmp9e15.tmp
- %TEMP%\tmp9e3b.tmp
- %TEMP%\tmp9df4.tmp
- %TEMP%\tmp9e82.tmp
- %TEMP%\tmp9ebb.tmp
- %TEMP%\tmp9ef2.tmp
- %TEMP%\tmp9ef1.tmp
- %TEMP%\tmp9ee0.tmp
- %TEMP%\tmp9ed0.tmp
- %TEMP%\tmp9ecf.tmp
- %TEMP%\tmp9ece.tmp
- %TEMP%\tmp9ebd.tmp
- %TEMP%\tmp9e94.tmp
- %TEMP%\tmp9e83.tmp
- %TEMP%\tmp9eaa.tmp
- %TEMP%\tmp9ea9.tmp
- %TEMP%\tmp9ea8.tmp
- %TEMP%\tmp9ea7.tmp
- %TEMP%\tmp9e97.tmp
- %TEMP%\tmp9e96.tmp
- %TEMP%\tmp9e95.tmp
- %TEMP%\tmp9ebc.tmp
- %TEMP%\tmp9be6.tmp
- %TEMP%\tmp9be5.tmp
- %TEMP%\tmp9bd5.tmp
- %TEMP%\tmp9b60.tmp
- %TEMP%\tmp9b5f.tmp
- %TEMP%\tmp9b5e.tmp
- %TEMP%\tmp9b4e.tmp
- %TEMP%\tmp9b4d.tmp
- %TEMP%\tmp9b4c.tmp
- %TEMP%\tmp9b62.tmp
- %TEMP%\tmp9b4b.tmp
- %TEMP%\tmp9b49.tmp
- %TEMP%\tmp9b38.tmp
- %TEMP%\tmp9b37.tmp
- %TEMP%\tmp9b36.tmp
- %TEMP%\tmp9b35.tmp
- %TEMP%\tmp9b34.tmp
- %TEMP%\tmp9b33.tmp
- %TEMP%\tmp9b4a.tmp
- %TEMP%\tmp9b63.tmp
- %TEMP%\tmp9b61.tmp
- %TEMP%\tmp9b64.tmp
- %TEMP%\tmp9bb5.tmp
- %TEMP%\tmp9b8d.tmp
- %TEMP%\tmp9bb4.tmp
- %TEMP%\tmp9bb3.tmp
- %TEMP%\tmp9bb2.tmp
- %TEMP%\tmp9ba1.tmp
- %TEMP%\tmp9ba0.tmp
- %TEMP%\tmp9b9f.tmp
- %TEMP%\tmp9b8e.tmp
- %TEMP%\tmp9b8c.tmp
- %TEMP%\tmp9b75.tmp
- %TEMP%\tmp9b8b.tmp
- %TEMP%\tmp9b8a.tmp
- %TEMP%\tmp9b89.tmp
- %TEMP%\tmp9b79.tmp
- %TEMP%\tmp9b78.tmp
- %TEMP%\tmp9b77.tmp
- %TEMP%\tmp9b76.tmp
- %TEMP%\tmp9f03.tmp
- %TEMP%\tmpb88a.tmp
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\dfqjp367\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\oce0nov6\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\pm6jxeyn\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\onzdchv7\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\history\low\history.ie5\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\history\low\desktop.ini
- %TEMP%\nss4ab7.tmp\r2nhlygg210.dll
- %TEMP%\tmpa008.tmp
- %TEMP%\tmpa019.tmp
- %TEMP%\tmpa029.tmp
- %TEMP%\tmpa03a.tmp
- %TEMP%\tmpb635.tmp
- %TEMP%\tmpb676.tmp
- %TEMP%\tmp9f92.tmp
- %TEMP%\tmpb678.tmp
- %TEMP%\tmpb69b.tmp
- %TEMP%\tmpb69d.tmp
- %TEMP%\tmpb6ae.tmp
- %TEMP%\tmpb6c0.tmp
- %TEMP%\tmpb6d2.tmp
- %TEMP%\tmpb6e3.tmp
- %TEMP%\tmp9ff6.tmp
- %TEMP%\tmp9ff8.tmp
- %TEMP%\tmp9fe4.tmp
- %TEMP%\tmp9fe2.tmp
- %TEMP%\tmp9fe0.tmp
- %TEMP%\tmp9f55.tmp
- %TEMP%\tmp9f66.tmp
- %TEMP%\tmp9f68.tmp
- %TEMP%\tmp9f7a.tmp
- %TEMP%\tmp9f7c.tmp
- %TEMP%\tmp9f7e.tmp
- %TEMP%\tmpb6e5.tmp
- %TEMP%\tmpb689.tmp
- %TEMP%\tmp9f90.tmp
- %TEMP%\tmp9fa5.tmp
- %TEMP%\tmp9fa7.tmp
- %TEMP%\tmp9fb9.tmp
- %TEMP%\tmp9fbb.tmp
- %TEMP%\tmp9fcc.tmp
- %TEMP%\tmp9fce.tmp
- %TEMP%\tmp9f53.tmp
- %TEMP%\tmp9fa3.tmp
- %TEMP%\tmpb6f7.tmp
- %TEMP%\tmpb6f9.tmp
- %TEMP%\tmpb70a.tmp
- %TEMP%\tmpb7d0.tmp
- %TEMP%\tmpb7e2.tmp
- %TEMP%\tmpb7e4.tmp
- %TEMP%\tmpb7f6.tmp
- %TEMP%\tmpb7f8.tmp
- %TEMP%\tmpb809.tmp
- %TEMP%\tmpb80b.tmp
- %TEMP%\tmpb81f.tmp
- %TEMP%\tmp9f41.tmp
- %TEMP%\tmpb830.tmp
- %TEMP%\tmpb832.tmp
- %TEMP%\tmpb844.tmp
- %TEMP%\tmpb846.tmp
- %TEMP%\tmpb848.tmp
- %TEMP%\tmpb859.tmp
- %TEMP%\tmpb869.tmp
- %TEMP%\tmpb7ce.tmp
- %TEMP%\tmpb76a.tmp
- %TEMP%\tmpb7cc.tmp
- %TEMP%\tmpb768.tmp
- %TEMP%\tmpb70c.tmp
- %TEMP%\tmpb71e.tmp
- %TEMP%\tmpb730.tmp
- %TEMP%\tmpb732.tmp
- %TEMP%\tmpb743.tmp
- %TEMP%\tmpb745.tmp
- %TEMP%\tmpb757.tmp
- %TEMP%\tmpb87a.tmp
- %TEMP%\tmpb7b9.tmp
- %TEMP%\tmpb77c.tmp
- %TEMP%\tmpb78e.tmp
- %TEMP%\tmpb790.tmp
- %TEMP%\tmpb792.tmp
- %TEMP%\tmpb7a3.tmp
- %TEMP%\tmpb7a5.tmp
- %TEMP%\tmpb7a7.tmp
- %TEMP%\tmpb7bb.tmp
- %TEMP%\tmpb81d.tmp
- %TEMP%\tmp9f3f.tmp
- %TEMP%\tmp9ebc.tmp
- %TEMP%\tmp9ae4.tmp
- %TEMP%\tmp9ae6.tmp
- %TEMP%\tmp9af7.tmp
- %TEMP%\tmp9af9.tmp
- %TEMP%\tmp9b0b.tmp
- %TEMP%\tmp9b0d.tmp
- %TEMP%\tmp9a5c.tmp
- %TEMP%\tmp9b0f.tmp
- %TEMP%\tmp9b22.tmp
- %TEMP%\tmp9b34.tmp
- %TEMP%\tmp9b36.tmp
- %TEMP%\tmp9b38.tmp
- %TEMP%\tmp9b4a.tmp
- %TEMP%\tmp9b4c.tmp
- %TEMP%\tmp9ad0.tmp
- %TEMP%\tmp9ad2.tmp
- %TEMP%\tmp9ace.tmp
- %TEMP%\tmp9abc.tmp
- %TEMP%\tmp9aab.tmp
- %TEMP%\tmp9a00.tmp
- %TEMP%\tmp9a02.tmp
- %TEMP%\tmp9a14.tmp
- %TEMP%\tmp9a26.tmp
- %TEMP%\tmp9a37.tmp
- %TEMP%\tmp9a39.tmp
- %TEMP%\tmp9b4e.tmp
- %TEMP%\tmp9b20.tmp
- %TEMP%\tmp9a4b.tmp
- %TEMP%\tmp9a70.tmp
- %TEMP%\tmp9a82.tmp
- %TEMP%\tmp9a93.tmp
- %TEMP%\tmp9a95.tmp
- %TEMP%\tmp9aa7.tmp
- %TEMP%\tmp9aa9.tmp
- %TEMP%\tmp99df.tmp
- %TEMP%\tmp9a6e.tmp
- %TEMP%\tmp9b5f.tmp
- %TEMP%\tmp9b61.tmp
- %TEMP%\tmp9b63.tmp
- %TEMP%\tmp9e70.tmp
- %TEMP%\tmp9e81.tmp
- %TEMP%\tmp9e83.tmp
- %TEMP%\tmp9e95.tmp
- %TEMP%\tmp9e97.tmp
- %TEMP%\tmp9ea8.tmp
- %TEMP%\tmp9eaa.tmp
- %TEMP%\tmp9ece.tmp
- %TEMP%\tmp9f3d.tmp
- %TEMP%\tmp9ed0.tmp
- %TEMP%\tmp9ef1.tmp
- %TEMP%\tmp9ef3.tmp
- %TEMP%\tmp9f04.tmp
- %TEMP%\tmp9f06.tmp
- %TEMP%\tmp9f18.tmp
- %TEMP%\tmp9f1a.tmp
- %TEMP%\tmp9e5e.tmp
- %TEMP%\tmp9bb4.tmp
- %TEMP%\tmp9e4c.tmp
- %TEMP%\tmp9bb2.tmp
- %TEMP%\tmp9b75.tmp
- %TEMP%\tmp9b77.tmp
- %TEMP%\tmp9b79.tmp
- %TEMP%\tmp9b8a.tmp
- %TEMP%\tmp9b8c.tmp
- %TEMP%\tmp9b8e.tmp
- %TEMP%\tmp9ba0.tmp
- %TEMP%\tmp9f2c.tmp
- %TEMP%\tmp9e29.tmp
- %TEMP%\tmp9bb5.tmp
- %TEMP%\tmp9bd5.tmp
- %TEMP%\tmp9be5.tmp
- %TEMP%\tmp9be6.tmp
- %TEMP%\tmp9df4.tmp
- %TEMP%\tmp9e16.tmp
- %TEMP%\tmp9e27.tmp
- %TEMP%\tmp9e3b.tmp
- %TEMP%\tmpb88a.tmp
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- http://pr###ad.info/hhhuuulllliiiiii/rrrorororor/eueueuueueue.exe
- http://pr###ad.info/fnc/eueueuueueue.php
- http://pr###ad.info/hhhuuulllliiiiii/rrrorororor/momomoomomom.exe
- http://pr###ad.info/fnc/momomoomomom.php
- http://ch#####.amazonaws.com/
- http://www.ge###ugin.net/json.gp?ip###############
- http://11#.###.142.219:35253/IRemotePanel via 11#.#03.142.219
- http://5.###.194.139:35253/IRemotePanel via 5.###.194.139
- http://re####skitchen.info/IRemotePanel
- DNS ASK yi#.su
- DNS ASK microsoft.com
- DNS ASK ip###ger.com
- DNS ASK pr###ad.info
- DNS ASK go.##lanum.ru
- DNS ASK lv.##gunhey.ru
- DNS ASK ap#.ip.sb
- DNS ASK ch#####.amazonaws.com
- DNS ASK wh###.iana.org
- DNS ASK WH###.RIPE.NET
- DNS ASK ge###ugin.net
- DNS ASK re####skitchen.info
- ClassName: '' WindowName: ''
- '%TEMP%\1778679932.exe'
- '%TEMP%\all.exe'
- '%TEMP%\desk.exe'
- '%TEMP%\gingals.exe'
- '%TEMP%\setup.exe'
- '%TEMP%\338711844.exe'
- '%LOCALAPPDATA%\google\chrome\user data\default\chrome.exe'
- '%WINDIR%\syswow64\cmd.exe' /c start "" "all.exe" & start "" "Desk.exe" & start "" "Gingals.exe" & start "" "setup.exe" &' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /k ping 0 & del <Full path to file> & exit' (with hidden window)
- '%WINDIR%\syswow64\rundll32.exe' "%WINDIR%\syswow64\WININET.dll",DispatchAPICall 1
- '%WINDIR%\syswow64\cmd.exe' /c start "" "all.exe" & start "" "Desk.exe" & start "" "Gingals.exe" & start "" "setup.exe" &
- '%WINDIR%\microsoft.net\framework\v4.0.30319\regasm.exe'
- '%WINDIR%\microsoft.net\framework\v4.0.30319\addinprocess32.exe'
- '%WINDIR%\syswow64\cmd.exe' /k ping 0 & del <Full path to file> & exit
- '%WINDIR%\syswow64\ping.exe' 0
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /F /PID 2556 && choice /C Y /N /D Y /T 3 & Del "%WINDIR%\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
- '%WINDIR%\syswow64\choice.exe' /C Y /N /D Y /T 3
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /F /PID 2352 && choice /C Y /N /D Y /T 3 & Del "%WINDIR%\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"