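Technical Information

The entries below come without section labels and fall into three kinds: file-system paths, one network endpoint written as address:port (the address is partially masked with `#` characters), and process command lines, some of them marked "(with hidden window)". Many %TEMP% paths appear twice in the path list; the page does not say which action each occurrence records. The command lines repeatedly run the .NET Framework v2.0.50727 `vbc.exe` compiler and `cvtres.exe` resource converter against `.cmdline` and `.tmp` files in %TEMP%, and these share base names with the `.0.vb`, `.cmdline`, `.out`, `vbc*.tmp` and `res*.tmp` files in the path list. Several listed executables sit directly under C:\ and carry the name of a common root folder plus `.exe` (for example `C:\perflogs.exe`, `C:\recovery.exe`, `C:\program files.exe`), which is a useful pattern to match when hunting.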
- %TEMP%\tvsswhovyhyu.exe
- %TEMP%\psf0xiif.0.vb
- %TEMP%\psf0xiif.cmdline
- %TEMP%\psf0xiif.out
- %TEMP%\vbcdd25.tmp
- %TEMP%\resdd35.tmp
- C:\perflogs.exe
- %TEMP%\maib9-mw.0.vb
- %TEMP%\maib9-mw.cmdline
- %TEMP%\maib9-mw.out
- %APPDATA%\chrome.exe
- %TEMP%\vbce2fe.tmp
- %TEMP%\rese30f.tmp
- C:\program files.exe
- %TEMP%\q2cqbtla.0.vb
- %TEMP%\q2cqbtla.cmdline
- %TEMP%\q2cqbtla.out
- %TEMP%\vbceb19.tmp
- %TEMP%\reseb1a.tmp
- C:\recovery.exe
- %TEMP%\muuergvh.0.vb
- %TEMP%\muuergvh.cmdline
- %TEMP%\muuergvh.out
- %TEMP%\vbcf305.tmp
- C:\msocache.exe
- %TEMP%\resf316.tmp
- %TEMP%\resd72d.tmp
- %TEMP%\xcvro3x8.out
- %TEMP%\mlcnhmakpgjsz.txt
- C:\google\chrome.exe
- %ALLUSERSPROFILE%\google\fbtxzmonfu.ico
- %TEMP%\gkp-4xmv.0.vb
- %TEMP%\gkp-4xmv.cmdline
- %TEMP%\gkp-4xmv.out
- %TEMP%\vbcc37d.tmp
- %TEMP%\resc38e.tmp
- C:\$recycle.bin.exe
- %TEMP%\v6ecb-k1.0.vb
- %TEMP%\v6ecb-k1.cmdline
- %TEMP%\v6ecb-k1.out
- %TEMP%\vbccb0b.tmp
- %TEMP%\rescb0c.tmp
- C:\documents and settings.exe
- %TEMP%\7vzi4mxk.0.vb
- %TEMP%\7vzi4mxk.cmdline
- %TEMP%\7vzi4mxk.out
- %TEMP%\vbcd171.tmp
- %TEMP%\resd182.tmp
- C:\far2.exe
- %TEMP%\xcvro3x8.0.vb
- %TEMP%\xcvro3x8.cmdline
- %TEMP%\vbcd72c.tmp
- C:\totalcmd.exe
- C:\google\chrome.exe
- %TEMP%\resc38e.tmp
- %TEMP%\psf0xiif.cmdline
- %TEMP%\psf0xiif.0.vb
- %TEMP%\psf0xiif.out
- %TEMP%\rese30f.tmp
- %TEMP%\vbce2fe.tmp
- %TEMP%\maib9-mw.0.vb
- %TEMP%\v6ecb-k1.out
- %TEMP%\maib9-mw.cmdline
- %TEMP%\reseb1a.tmp
- %TEMP%\vbceb19.tmp
- %TEMP%\q2cqbtla.0.vb
- %TEMP%\q2cqbtla.out
- %TEMP%\q2cqbtla.cmdline
- %TEMP%\muuergvh.cmdline
- %TEMP%\resdd35.tmp
- %TEMP%\vbcdd25.tmp
- %TEMP%\xcvro3x8.cmdline
- %TEMP%\xcvro3x8.0.vb
- %TEMP%\xcvro3x8.out
- %TEMP%\gkp-4xmv.0.vb
- %TEMP%\gkp-4xmv.out
- %TEMP%\gkp-4xmv.cmdline
- %TEMP%\rescb0c.tmp
- %TEMP%\vbccb0b.tmp
- %TEMP%\v6ecb-k1.cmdline
- %TEMP%\resf316.tmp
- %TEMP%\maib9-mw.out
- %TEMP%\v6ecb-k1.0.vb
- %TEMP%\vbcd171.tmp
- %TEMP%\7vzi4mxk.out
- %TEMP%\7vzi4mxk.cmdline
- %TEMP%\7vzi4mxk.0.vb
- %TEMP%\resd72d.tmp
- %TEMP%\vbcd72c.tmp
- %TEMP%\vbcc37d.tmp
- %TEMP%\resd182.tmp
- %TEMP%\vbcf305.tmp
- '14#.#51.216.210':9876
- '14#.#51.216.210':9876
- '%TEMP%\tvsswhovyhyu.exe'
- '%APPDATA%\chrome.exe'
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESEB1A.tmp" "%TEMP%\vbcEB19.tmp"' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\q2cqbtla.cmdline"' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESE30F.tmp" "%TEMP%\vbcE2FE.tmp"' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\maib9-mw.cmdline"' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESDD35.tmp" "%TEMP%\vbcDD25.tmp"' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\psf0xiif.cmdline"' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESD72D.tmp" "%TEMP%\vbcD72C.tmp"' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\xcvro3x8.cmdline"' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESD182.tmp" "%TEMP%\vbcD171.tmp"' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\7vzi4mxk.cmdline"' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESCB0C.tmp" "%TEMP%\vbcCB0B.tmp"' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\v6ecb-k1.cmdline"' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESC38E.tmp" "%TEMP%\vbcC37D.tmp"' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\gkp-4xmv.cmdline"' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\muuergvh.cmdline"' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESF316.tmp" "%TEMP%\vbcF305.tmp"' (with hidden window)
- '%WINDIR%\syswow64\notepad.exe' %TEMP%\Mlcnhmakpgjsz.txt
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESEB1A.tmp" "%TEMP%\vbcEB19.tmp"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\q2cqbtla.cmdline"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESE30F.tmp" "%TEMP%\vbcE2FE.tmp"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\maib9-mw.cmdline"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESDD35.tmp" "%TEMP%\vbcDD25.tmp"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\psf0xiif.cmdline"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\muuergvh.cmdline"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESD72D.tmp" "%TEMP%\vbcD72C.tmp"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESD182.tmp" "%TEMP%\vbcD171.tmp"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\7vzi4mxk.cmdline"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESCB0C.tmp" "%TEMP%\vbcCB0B.tmp"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\v6ecb-k1.cmdline"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESC38E.tmp" "%TEMP%\vbcC37D.tmp"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\gkp-4xmv.cmdline"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\xcvro3x8.cmdline"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESF316.tmp" "%TEMP%\vbcF305.tmp"