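Technical Information
Note: the section labels of this report are missing, so the entries below mix file paths (executables, browser and Windows Vault credential stores, temporary files) with the command lines that were executed; repeated paths most likely belonged to different sections. vbc.exe and regasm.exe are legitimate .NET Framework binaries, and /stext is not one of their documented options, which suggests they were hosting other code here (an inference; the page does not say so).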
- %WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe
- %WINDIR%\microsoft.net\framework\v4.0.30319\regasm.exe
- <LS_APPDATA>\google\chrome\user data\default\login data
- %APPDATA%\opera software\opera stable\login data
- %HOMEPATH%\none
- %TEMP%\tmp1d87.tmp
- %TEMP%\tmp1366.tmp
- %TEMP%\tmpff32.tmp
- %TEMP%\tmpe63b.tmp
- %TEMP%\tmpe38c.tmp
- %TEMP%\tmpd321.tmp
- %TEMP%\tmpc7c6.tmp
- %TEMP%\tmpc43c.tmp
- %TEMP%\tmpb306.tmp
- %TEMP%\tmp9666.tmp
- %TEMP%\tmp908a.tmp
- %TEMP%\tmp64a7.tmp
- %TEMP%\tmp49cc.tmp
- %TEMP%\tmp477b.tmp
- %TEMP%\tmp55b3.tmp
- %TEMP%\chp884d.tmp
- %TEMP%\chp883e.tmp
- %TEMP%\chp8772.tmp
- %TEMP%\tmp49ad.tmp
- %TEMP%\chp8763.tmp
- %TEMP%\chp8743.tmp
- %TEMP%\chp8704.tmp
- <LS_APPDATA>\microsoft\vault\4bf4c442-9b8a-41a0-b380-dd4a704ddb28\policy.vpol
- %PROGRAMDATA%\microsoft\vault\ac658cb4-9126-49bd-b877-31eedab3f204\2f1a6504-0641-44cf-8bb5-3612d865f2e5.vsch
- %PROGRAMDATA%\microsoft\vault\ac658cb4-9126-49bd-b877-31eedab3f204\3ccd5499-87a8-4b10-a215-608888dd3b55.vsch
- %PROGRAMDATA%\microsoft\vault\ac658cb4-9126-49bd-b877-31eedab3f204\policy.vpol
- %TEMP%\e1dcdda0-d0aa-ec7e-1ab3-077436294010
- %TEMP%\tmp2b33.tmp
- %TEMP%\tmp3d73.tmp
- %TEMP%\chp8704.tmp
- %TEMP%\chp8743.tmp
- %TEMP%\chp8763.tmp
- %TEMP%\chp8772.tmp
- %TEMP%\chp883e.tmp
- %TEMP%\chp884d.tmp
- %TEMP%\tmp49ad.tmp
- %TEMP%\tmp908a.tmp
- %TEMP%\tmp64a7.tmp
- %TEMP%\tmp477b.tmp
- %TEMP%\tmp49cc.tmp
- %TEMP%\tmp55b3.tmp
- %TEMP%\tmpd321.tmp
- %TEMP%\tmp9666.tmp
- %TEMP%\chp8704.tmp
- %TEMP%\chp8743.tmp
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmp477B.tmp" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmp65BC.tmp" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmp6936.tmp" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmp6A6F.tmp" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmp7DB9.tmp" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmp85A8.tmp" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmp873F.tmp" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmpA0C2.tmp" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmpE24E.tmp" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmpA91F.tmp" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmpAF0A.tmp" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmpBBDB.tmp" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmpC9A7.tmp" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v4.0.30319\regasm.exe' /stext "%TEMP%\tmpD917.tmp" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmpDD2E.tmp" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmp5800.tmp" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmp9009.tmp" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmp3D73.tmp" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmpB306.tmp" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmp49AD.tmp" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmp49CC.tmp" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmp55B3.tmp" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmp64A7.tmp" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmp908A.tmp" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmp9666.tmp" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmpC43C.tmp" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmp1D87.tmp" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmpC7C6.tmp" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmpD321.tmp" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmpE38C.tmp" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmpE63B.tmp" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmpFF32.tmp" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmp1366.tmp" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmp2B33.tmp" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmpEB29.tmp" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v4.0.30319\regasm.exe'
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmp6936.tmp"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmp6A6F.tmp"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmp7DB9.tmp"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmp85A8.tmp"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmp873F.tmp"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmp5800.tmp"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmp65BC.tmp"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmp9009.tmp"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmpAF0A.tmp"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmpBBDB.tmp"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmpC9A7.tmp"
- '%WINDIR%\microsoft.net\framework\v4.0.30319\regasm.exe' /stext "%TEMP%\tmpD917.tmp"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmpDD2E.tmp"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmpA0C2.tmp"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmpA91F.tmp"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmp3D73.tmp"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmp2B33.tmp"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmp1D87.tmp"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmp49AD.tmp"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmp49CC.tmp"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmp55B3.tmp"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmp64A7.tmp"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmp908A.tmp"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmp9666.tmp"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmp477B.tmp"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmpB306.tmp"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmpC7C6.tmp"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmpD321.tmp"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmpE38C.tmp"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmpE63B.tmp"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmpFF32.tmp"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmp1366.tmp"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmpC43C.tmp"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmpE24E.tmp"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmpEB29.tmp"