Technical Information
- %TEMP%\aute0bd.tmp
- %WINDIR%\svchost.exe
- %WINDIR%\readpid.dll
- %WINDIR%\interop.shdocvw.dll
- %WINDIR%\config.txt
- %ProgramFiles(x86)%\svchost\misrosoft\svchost.lnk
- %TEMP%\aute100.tmp
- %ProgramFiles(x86)%\svchost\misrosoft\svchost.exe
- %TEMP%\aute0f0.tmp
- %ProgramFiles(x86)%\svchost\misrosoft\readpid.dll
- %TEMP%\aute0ef.tmp
- %ProgramFiles(x86)%\svchost\misrosoft\interop.shdocvw.dll
- %TEMP%\aute0cf.tmp
- %ProgramFiles(x86)%\svchost\misrosoft\config.txt
- %TEMP%\aute0ce.tmp
- %ProgramFiles(x86)%\svchost\xr.bat
- %WINDIR%\svchost.lnk
- D:\123.txt
- %TEMP%\aute0bd.tmp
- %TEMP%\aute0ce.tmp
- %TEMP%\aute0cf.tmp
- %TEMP%\aute0ef.tmp
- %TEMP%\aute0f0.tmp
- %TEMP%\aute100.tmp
- '%WINDIR%\svchost.exe'
- '%WINDIR%\syswow64\cmd.exe' /c "%ProgramFiles(x86)%\svchost\xr.bat"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c "%ProgramFiles(x86)%\svchost\xr.bat"