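Technical Information

(The sub-headings of this report were lost in extraction, so the lists below run together. Entries written "A with B" are presumably file-substitution records: the file at A replaced with B. Entries written "from A to B" presumably record a system executable at A being moved to the `<Current directory>\badN` path at B. The bare paths between those two groups carry no surviving label, so this page alone does not show whether a given path was created, executed or modified.)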
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\ngen.exe with %WINDIR%\Microsoft.NET\Framework\v4.0.30319\ngen.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe with %WINDIR%\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe with %WINDIR%\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe with %WINDIR%\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe with %WINDIR%\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
- <Current directory>\bad127 with %WINDIR%\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
- <Current directory>\bad107 with %WINDIR%\Microsoft.NET\Framework\v4.0.30319\Microsoft.Workflow.Compiler.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\DataSvcUtil.exe with %WINDIR%\Microsoft.NET\Framework\v4.0.30319\DataSvcUtil.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\cvtres.exe with %WINDIR%\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
- <Current directory>\bad138 with %WINDIR%\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\ilasm.exe with %WINDIR%\Microsoft.NET\Framework\v4.0.30319\ilasm.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\EdmGen.exe with %WINDIR%\Microsoft.NET\Framework\v4.0.30319\EdmGen.exe
- <Current directory>\bad74 with %WINDIR%\Microsoft.NET\Framework\v4.0.30319\EdmGen.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\regtlibv12.exe with %WINDIR%\Microsoft.NET\Framework\v4.0.30319\regtlibv12.exe
- <Current directory>\bad9 with <Auxiliary element>
- <Current directory>\bad34 with <Auxiliary element>
- <SYSTEM32>\vmicsvc.exe with <SYSTEM32>\vmicsvc.exe
- <Current directory>\bad165 with <Auxiliary element>
- <Current directory>\bad12 with <Auxiliary element>
- <Current directory>\bad114 with <Auxiliary element>
- <SYSTEM32>\sleep.exe with <SYSTEM32>\sleep.exe
- %WINDIR%\Microsoft.NET\NETFXRepair.exe with %WINDIR%\Microsoft.NET\NETFXRepair.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\vbc.exe with %WINDIR%\Microsoft.NET\Framework\v4.0.30319\vbc.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe with %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
- <SYSTEM32>\MRT.exe with <SYSTEM32>\MRT.exe
- %WINDIR%\sleep.exe with %WINDIR%\sleep.exe
- %WINDIR%\sfk.exe with %WINDIR%\sfk.exe
- <Current directory>\bad107 with %WINDIR%\assembly\NativeImages_v2.0.50727_32\MSBuild\74a8b6419deb005337a1e43ec2502134\MSBuild.ni.exe
- %WINDIR%\assembly\NativeImages_v2.0.50727_32\mcupdate\ef1649ac80ee0bfe0eaf5b677a46bbf4\mcupdate.ni.exe with %WINDIR%\assembly\NativeImages_v2.0.50727_32\mcupdate\ef1649ac80ee0bfe0eaf5b677a46bbf4\mcupdate.ni.exe
- %WINDIR%\assembly\NativeImages_v2.0.50727_32\LoadMxf\22c718bcf8d41793155223e7e1afec99\LoadMxf.ni.exe with %WINDIR%\assembly\NativeImages_v2.0.50727_32\LoadMxf\22c718bcf8d41793155223e7e1afec99\LoadMxf.ni.exe
- %WINDIR%\assembly\NativeImages_v2.0.50727_32\WsatConfig\9d60139fdead64a892985181d663989f\WsatConfig.ni.exe with %WINDIR%\assembly\NativeImages_v2.0.50727_32\WsatConfig\9d60139fdead64a892985181d663989f\WsatConfig.ni.exe
- <Current directory>\bad18 with %WINDIR%\assembly\NativeImages_v2.0.50727_32\WsatConfig\9d60139fdead64a892985181d663989f\WsatConfig.ni.exe
- %WINDIR%\assembly\NativeImages_v2.0.50727_32\Narrator\c1ee01ff40acce2918c5319332bfca20\Narrator.ni.exe with %WINDIR%\assembly\NativeImages_v2.0.50727_32\Narrator\c1ee01ff40acce2918c5319332bfca20\Narrator.ni.exe
- %WINDIR%\assembly\NativeImages_v2.0.50727_32\ehExtHost\778542790c617b0394213b0a542e3ef2\ehExtHost.ni.exe with %WINDIR%\assembly\NativeImages_v2.0.50727_32\ehExtHost\778542790c617b0394213b0a542e3ef2\ehExtHost.ni.exe
- %WINDIR%\assembly\GAC_MSIL\dfsvc\2.0.0.0__b03f5f7f11d50a3a\dfsvc.exe with %WINDIR%\assembly\GAC_MSIL\dfsvc\2.0.0.0__b03f5f7f11d50a3a\dfsvc.exe
- %WINDIR%\assembly\GAC_MSIL\ComSvcConfig\3.0.0.0__b03f5f7f11d50a3a\ComSvcConfig.exe with %WINDIR%\assembly\GAC_MSIL\ComSvcConfig\3.0.0.0__b03f5f7f11d50a3a\ComSvcConfig.exe
- %WINDIR%\assembly\GAC_32\mcupdate\6.1.0.0__31bf3856ad364e35\mcupdate.exe with %WINDIR%\assembly\GAC_32\mcupdate\6.1.0.0__31bf3856ad364e35\mcupdate.exe
- %WINDIR%\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\3912b69593af13d0922279a063e5af66\ComSvcConfig.ni.exe with %WINDIR%\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\3912b69593af13d0922279a063e5af66\ComSvcConfig.ni.exe
- %WINDIR%\assembly\GAC_MSIL\Narrator\6.1.0.0__31bf3856ad364e35\Narrator.exe with %WINDIR%\assembly\GAC_MSIL\Narrator\6.1.0.0__31bf3856ad364e35\Narrator.exe
- %WINDIR%\assembly\GAC_MSIL\loadmxf\6.1.0.0__31bf3856ad364e35\loadmxf.exe with %WINDIR%\assembly\GAC_MSIL\loadmxf\6.1.0.0__31bf3856ad364e35\loadmxf.exe
- %WINDIR%\assembly\NativeImages_v4.0.30319_32\dfsvc\1361a05238cfe45d7da6cb4b367a986c\dfsvc.ni.exe with %WINDIR%\assembly\NativeImages_v4.0.30319_32\dfsvc\1361a05238cfe45d7da6cb4b367a986c\dfsvc.ni.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe with %WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
- <Current directory>\bad118 with %WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe with %WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\ComSvcConfig.exe with %WINDIR%\Microsoft.NET\Framework\v4.0.30319\ComSvcConfig.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe with %WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_regsql.exe with %WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_regsql.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe with %WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
- %WINDIR%\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Workflow.Compiler.exe with %WINDIR%\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Workflow.Compiler.exe
- %WINDIR%\assembly\NativeImages_v4.0.30319_32\WsatConfig\7708e8673f6a5ddc3130203686db0b5b\WsatConfig.ni.exe with %WINDIR%\assembly\NativeImages_v4.0.30319_32\WsatConfig\7708e8673f6a5ddc3130203686db0b5b\WsatConfig.ni.exe
- %WINDIR%\assembly\NativeImages_v4.0.30319_32\MSBuild\8ca394271c3a83e44006fd273afee7be\MSBuild.ni.exe with %WINDIR%\assembly\NativeImages_v4.0.30319_32\MSBuild\8ca394271c3a83e44006fd273afee7be\MSBuild.ni.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe with %WINDIR%\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\AddInUtil.exe with %WINDIR%\Microsoft.NET\Framework\v4.0.30319\AddInUtil.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe with %WINDIR%\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
- <Drive name for removable media>:\$$336699.bat
- <Drive name for removable media>:\<Virus name>.exe
- '<SYSTEM32>\cmd.exe' /c E:\$$336699.bat
- %PROGRAM_FILES%\FireFox\xpt_dump.exe
- %PROGRAM_FILES%\FireFox\xpt_link.exe
- %PROGRAM_FILES%\FireFox\xpidl.exe
- %PROGRAM_FILES%\FireFox\updater.exe
- %PROGRAM_FILES%\FireFox\xpcshell.exe
- <Auxiliary name>
- <PATH_<Auxiliary name>.EXE>
- C:\ProgramData\Microsoft\RAC\Temp\sqlAEE4.tmp
- <Auxiliary element>
- C:\ProgramData\Microsoft\RAC\Temp\sqlAEF5.tmp
- %PROGRAM_FILES%\FireFox\firefox.exe
- %PROGRAM_FILES%\FireFox\js.exe
- %PROGRAM_FILES%\FireFox\crashreporter.exe
- C:\$Recycle.Bin\S-1-5-21-3525224950-2885160813-905547259-1000\$RNVE6DO.exe
- C:\Far2\Far.exe
- %PROGRAM_FILES%\FireFox\shlibsign.exe
- %PROGRAM_FILES%\FireFox\uninstall\helper.exe
- %PROGRAM_FILES%\FireFox\plugin-container.exe
- %PROGRAM_FILES%\FireFox\mangle.exe
- %PROGRAM_FILES%\FireFox\nsinstall.exe
- <Current directory>\bad30
- <Current directory>\bad82
- <Current directory>\bad173
- <Current directory>\bad196
- <Current directory>\bad34
- <Current directory>\bad39
- <Current directory>\bad4
- <Current directory>\bad0
- <Current directory>\bad159
- <Current directory>\bad89
- <Current directory>\bad191
- <Current directory>\bad113
- <Current directory>\bad80
- <Current directory>\bad9
- <Current directory>\bad192
- <Current directory>\bad167
- <Current directory>\bad163
- <Current directory>\bad18
- <Current directory>\bad33
- <Current directory>\bad127
- <Current directory>\bad74
- <Current directory>\bad42
- <Drive name for removable media>:\<Virus name>.exe
- <Current directory>\bad138
- <Current directory>\bad20
- C:\ProgramData\Microsoft\RAC\Temp\sqlAEF5.tmp
- <Current directory>\bad12
- <Current directory>\bad165
- C:\ProgramData\Microsoft\RAC\Temp\sqlAEE4.tmp
- <Current directory>\bad119
- <Current directory>\bad13
- <Current directory>\bad114
- <Current directory>\bad118
- from %WINDIR%\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe to <Current directory>\bad30
- from %WINDIR%\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe to <Current directory>\bad82
- from %WINDIR%\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe to <Current directory>\bad173
- from %WINDIR%\Microsoft.NET\Framework\v4.0.30319\ngen.exe to <Current directory>\bad196
- from %WINDIR%\Microsoft.NET\Framework\v4.0.30319\ilasm.exe to <Current directory>\bad4
- from %WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe to <Current directory>\bad39
- from %WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_regsql.exe to <Current directory>\bad118
- from %WINDIR%\Microsoft.NET\Framework\v4.0.30319\DataSvcUtil.exe to <Current directory>\bad0
- from %WINDIR%\Microsoft.NET\Framework\v4.0.30319\ComSvcConfig.exe to <Current directory>\bad34
- from <SYSTEM32>\MRT.exe to <Current directory>\bad113
- from %WINDIR%\sleep.exe to <Current directory>\bad159
- from <SYSTEM32>\vmicsvc.exe to <Current directory>\bad191
- from <SYSTEM32>\sleep.exe to <Current directory>\bad74
- from %WINDIR%\sfk.exe to <Current directory>\bad89
- from %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe to <Current directory>\bad80
- from %WINDIR%\Microsoft.NET\Framework\v4.0.30319\regtlibv12.exe to <Current directory>\bad9
- from %WINDIR%\Microsoft.NET\NETFXRepair.exe to <Current directory>\bad192
- from %WINDIR%\Microsoft.NET\Framework\v4.0.30319\vbc.exe to <Current directory>\bad167
- from %WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe to <Current directory>\bad163
- from %WINDIR%\assembly\NativeImages_v2.0.50727_32\ehExtHost\778542790c617b0394213b0a542e3ef2\ehExtHost.ni.exe to <Current directory>\bad20
- from %WINDIR%\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\3912b69593af13d0922279a063e5af66\ComSvcConfig.ni.exe to <Current directory>\bad42
- from %WINDIR%\assembly\NativeImages_v2.0.50727_32\mcupdate\ef1649ac80ee0bfe0eaf5b677a46bbf4\mcupdate.ni.exe to <Current directory>\bad33
- from %WINDIR%\assembly\NativeImages_v2.0.50727_32\LoadMxf\22c718bcf8d41793155223e7e1afec99\LoadMxf.ni.exe to <Current directory>\bad138
- from %WINDIR%\assembly\GAC_MSIL\Narrator\6.1.0.0__31bf3856ad364e35\Narrator.exe to <Current directory>\bad132
- from %WINDIR%\assembly\GAC_MSIL\ComSvcConfig\3.0.0.0__b03f5f7f11d50a3a\ComSvcConfig.exe to <Current directory>\bad122
- from %WINDIR%\assembly\GAC_32\mcupdate\6.1.0.0__31bf3856ad364e35\mcupdate.exe to <Current directory>\bad107
- from %WINDIR%\assembly\GAC_MSIL\loadmxf\6.1.0.0__31bf3856ad364e35\loadmxf.exe to <Current directory>\bad189
- from %WINDIR%\assembly\GAC_MSIL\dfsvc\2.0.0.0__b03f5f7f11d50a3a\dfsvc.exe to <Current directory>\bad145
- from %WINDIR%\Microsoft.NET\Framework\v4.0.30319\AddInUtil.exe to <Current directory>\bad114
- from %WINDIR%\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe to <Current directory>\bad118
- from %WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe to <Current directory>\bad165
- from %WINDIR%\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe to <Current directory>\bad12
- from %WINDIR%\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Workflow.Compiler.exe to <Current directory>\bad119
- from %WINDIR%\assembly\NativeImages_v4.0.30319_32\dfsvc\1361a05238cfe45d7da6cb4b367a986c\dfsvc.ni.exe to <Current directory>\bad74
- from %WINDIR%\assembly\NativeImages_v2.0.50727_32\Narrator\c1ee01ff40acce2918c5319332bfca20\Narrator.ni.exe to <Current directory>\bad18
- from %WINDIR%\assembly\NativeImages_v4.0.30319_32\WsatConfig\7708e8673f6a5ddc3130203686db0b5b\WsatConfig.ni.exe to <Current directory>\bad13
- from %WINDIR%\assembly\NativeImages_v4.0.30319_32\MSBuild\8ca394271c3a83e44006fd273afee7be\MSBuild.ni.exe to <Current directory>\bad127