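Technical Information
Note: the section headings of this report are missing here. The entries below appear to be, in order, two lists of file paths with many entries in common, a network endpoint with its DNS lookup, and two lists of launched command lines.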
- <Drive name for removable media>:\delete.avi
- <Drive name for removable media>:\join.avi
- <Drive name for removable media>:\dashborder_144.bmp
- C:\drivebackup\restore.exe
- %TEMP%\fwhbe65x.cmdline
- %TEMP%\fwhbe65x.out
- %TEMP%\vbc5f5e.tmp
- %TEMP%\res5f6f.tmp
- C:\perflogs.exe
- %TEMP%\6mnd5h7d.0.vb
- %TEMP%\6mnd5h7d.cmdline
- %TEMP%\6mnd5h7d.out
- C:\msocache.exe
- %TEMP%\fwhbe65x.0.vb
- %TEMP%\vbc650b.tmp
- %TEMP%\xoigjkxd.0.vb
- %TEMP%\xoigjkxd.cmdline
- %TEMP%\xoigjkxd.out
- %TEMP%\vbc698f.tmp
- %TEMP%\res6990.tmp
- C:\recovery.exe
- %APPDATA%\microsoft\windows\templates\templatehandler.exe
- %TEMP%\747r5yki.0.vb
- %TEMP%\res650c.tmp
- %ProgramFiles%.exe
- %TEMP%\res5afa.tmp
- %TEMP%\vbc5ae9.tmp
- %TEMP%\knwx03t2.out
- %TEMP%\ofoxqxvb.0.vb
- %TEMP%\ofoxqxvb.cmdline
- %TEMP%\ofoxqxvb.out
- %TEMP%\vbc4e47.tmp
- %TEMP%\res4e48.tmp
- C:\$recycle.bin.exe
- %TEMP%\nslgtmlg.0.vb
- %TEMP%\nslgtmlg.cmdline
- %TEMP%\nslgtmlg.out
- %PROGRAMDATA%\drivebackup\ybehrssz.ico
- %TEMP%\vbc52bc.tmp
- C:\documents and settings.exe
- %TEMP%\l0urlevs.0.vb
- %TEMP%\l0urlevs.cmdline
- %TEMP%\l0urlevs.out
- %TEMP%\vbc56c3.tmp
- %TEMP%\res56c4.tmp
- C:\far2.exe
- %TEMP%\knwx03t2.0.vb
- %TEMP%\knwx03t2.cmdline
- %TEMP%\res52bd.tmp
- %TEMP%\747r5yki.cmdline
- %TEMP%\747r5yki.out
- C:\drivebackup\restore.exe
- %TEMP%\res4e48.tmp
- %TEMP%\res5f6f.tmp
- %TEMP%\vbc5f5e.tmp
- %TEMP%\fwhbe65x.out
- %TEMP%\fwhbe65x.cmdline
- %TEMP%\fwhbe65x.0.vb
- %TEMP%\res650c.tmp
- %TEMP%\vbc650b.tmp
- %TEMP%\6mnd5h7d.cmdline
- %TEMP%\6mnd5h7d.out
- %TEMP%\6mnd5h7d.0.vb
- %TEMP%\res6990.tmp
- %TEMP%\vbc698f.tmp
- %TEMP%\xoigjkxd.0.vb
- %TEMP%\xoigjkxd.out
- %TEMP%\xoigjkxd.cmdline
- %TEMP%\knwx03t2.cmdline
- %TEMP%\747r5yki.0.vb
- %TEMP%\knwx03t2.0.vb
- %TEMP%\vbc5ae9.tmp
- %TEMP%\vbc4e47.tmp
- %TEMP%\ofoxqxvb.0.vb
- %TEMP%\ofoxqxvb.cmdline
- %TEMP%\ofoxqxvb.out
- %TEMP%\res52bd.tmp
- %TEMP%\vbc52bc.tmp
- %TEMP%\nslgtmlg.0.vb
- %TEMP%\nslgtmlg.cmdline
- %TEMP%\nslgtmlg.out
- %TEMP%\res56c4.tmp
- %TEMP%\vbc56c3.tmp
- %TEMP%\l0urlevs.cmdline
- %TEMP%\l0urlevs.out
- %TEMP%\l0urlevs.0.vb
- %TEMP%\res5afa.tmp
- %TEMP%\knwx03t2.out
- %TEMP%\747r5yki.cmdline
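- 'li######edmeoff.ddns.net':333 (part of the hostname is masked with '#' in this report, so it cannot be used as an exact-match indicator)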
- DNS ASK li######edmeoff.ddns.net
- '%APPDATA%\microsoft\windows\templates\templatehandler.exe'
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\ofoxqxvb.cmdline" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESE4FA.tmp" "%TEMP%\vbcE4EA.tmp" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\s0a_jpjm.cmdline" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESE306.tmp" "%TEMP%\vbcE2F6.tmp" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\cd5o-jqk.cmdline" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESE0B4.tmp" "%TEMP%\vbcE0B3.tmp" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\gy1mo_j4.cmdline" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESDE82.tmp" "%TEMP%\vbcDE81.tmp" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\ozpxgacw.cmdline" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\747r5yki.cmdline" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES6990.tmp" "%TEMP%\vbc698F.tmp" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\xoigjkxd.cmdline" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES650C.tmp" "%TEMP%\vbc650B.tmp" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\6mnd5h7d.cmdline" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES5F6F.tmp" "%TEMP%\vbc5F5E.tmp" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\fwhbe65x.cmdline" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES5AFA.tmp" "%TEMP%\vbc5AE9.tmp" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\knwx03t2.cmdline" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES56C4.tmp" "%TEMP%\vbc56C3.tmp" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\l0urlevs.cmdline" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES52BD.tmp" "%TEMP%\vbc52BC.tmp" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\nslgtmlg.cmdline" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES4E48.tmp" "%TEMP%\vbc4E47.tmp" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\aibihzf4.cmdline" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESE70D.tmp" "%TEMP%\vbcE6FD.tmp" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\ofoxqxvb.cmdline"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESE4FA.tmp" "%TEMP%\vbcE4EA.tmp"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\s0a_jpjm.cmdline"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESE306.tmp" "%TEMP%\vbcE2F6.tmp"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\cd5o-jqk.cmdline"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESE0B4.tmp" "%TEMP%\vbcE0B3.tmp"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\gy1mo_j4.cmdline"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESDE82.tmp" "%TEMP%\vbcDE81.tmp"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\ozpxgacw.cmdline"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\747r5yki.cmdline"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES6990.tmp" "%TEMP%\vbc698F.tmp"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\aibihzf4.cmdline"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\xoigjkxd.cmdline"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\6mnd5h7d.cmdline"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES5F6F.tmp" "%TEMP%\vbc5F5E.tmp"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\fwhbe65x.cmdline"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES5AFA.tmp" "%TEMP%\vbc5AE9.tmp"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\knwx03t2.cmdline"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES56C4.tmp" "%TEMP%\vbc56C3.tmp"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\l0urlevs.cmdline"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES52BD.tmp" "%TEMP%\vbc52BC.tmp"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\nslgtmlg.cmdline"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES4E48.tmp" "%TEMP%\vbc4E47.tmp"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES650C.tmp" "%TEMP%\vbc650B.tmp"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESE70D.tmp" "%TEMP%\vbcE6FD.tmp"