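Technical Information
The category sub-headings of this listing appear to have been lost. In order, the entries below are an autorun registry value, file-system paths (some repeated), network requests, window class/name pairs and, apparently, launched command lines. Most of the paths lie in the ClickOnce application cache (%LOCALAPPDATA%\apps\2.0) and its staging directory (%TEMP%\deployment). dfsvc.exe and the .appref-ms shortcuts belong to the same mechanism, so the file activity is consistent with a ClickOnce installation of the .application manifest named in the iexplore.exe command lines at the end of the listing.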
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'TerminalAutoStart' = '%LOCALAPPDATA%\TerminalAutoStart.exe --process-start-args --startup'
- %LOCALAPPDATA%\microsoft\windows\history\history.ie5\mshist012020110420201105\index.dat
- %LOCALAPPDATA%\apps\2.0\8b1tzdwo.h85\aoqhdq7g.720\term..tion_b968d3014b52419c_0001.0000_0a9ea4838abe8d96\sq-al\terminal.resources.dll
- %LOCALAPPDATA%\apps\2.0\8b1tzdwo.h85\aoqhdq7g.720\term..tion_b968d3014b52419c_0001.0000_0a9ea4838abe8d96\sq-al\terminal.resources.cdf-ms
- %LOCALAPPDATA%\apps\2.0\8b1tzdwo.h85\aoqhdq7g.720\term..tion_b968d3014b52419c_0001.0000_0a9ea4838abe8d96\sq-al\terminal.resources.manifest
- %LOCALAPPDATA%\apps\2.0\8b1tzdwo.h85\aoqhdq7g.720\itllib_a7f68656ac394684_0001.0000_none_a6a05412de283569\itllib.dll
- %LOCALAPPDATA%\apps\2.0\8b1tzdwo.h85\aoqhdq7g.720\manifests\itllib_a7f68656ac394684_0001.0000_none_a6a05412de283569.cdf-ms
- %LOCALAPPDATA%\apps\2.0\8b1tzdwo.h85\aoqhdq7g.720\manifests\itllib_a7f68656ac394684_0001.0000_none_a6a05412de283569.manifest
- %LOCALAPPDATA%\apps\2.0\8b1tzdwo.h85\aoqhdq7g.720\ccta..lib2_64d548e3786083c9_0002.0000_none_19dcfb94d106ada9\cctalkcommlib2.dll
- %LOCALAPPDATA%\apps\2.0\8b1tzdwo.h85\aoqhdq7g.720\manifests\ccta..lib2_64d548e3786083c9_0002.0000_none_19dcfb94d106ada9.cdf-ms
- %LOCALAPPDATA%\apps\2.0\8b1tzdwo.h85\aoqhdq7g.720\manifests\ccta..lib2_64d548e3786083c9_0002.0000_none_19dcfb94d106ada9.manifest
- %LOCALAPPDATA%\apps\2.0\8b1tzdwo.h85\aoqhdq7g.720\term..tion_b968d3014b52419c_0001.0000_0a9ea4838abe8d96\terminal.exe
- %LOCALAPPDATA%\apps\2.0\8b1tzdwo.h85\aoqhdq7g.720\term..tion_b968d3014b52419c_0001.0000_0a9ea4838abe8d96\terminal.cdf-ms
- %LOCALAPPDATA%\apps\2.0\8b1tzdwo.h85\aoqhdq7g.720\term..tion_b968d3014b52419c_0001.0000_0a9ea4838abe8d96\terminal.manifest
- %LOCALAPPDATA%\apps\2.0\8b1tzdwo.h85\aoqhdq7g.720\term..tion_b968d3014b52419c_0001.0000_0a9ea4838abe8d96\fr-fr\terminal.resources.dll
- %LOCALAPPDATA%\apps\2.0\8b1tzdwo.h85\aoqhdq7g.720\term..tion_b968d3014b52419c_0001.0000_0a9ea4838abe8d96\fr-fr\terminal.resources.cdf-ms
- %LOCALAPPDATA%\apps\2.0\8b1tzdwo.h85\aoqhdq7g.720\term..tion_b968d3014b52419c_0001.0000_0a9ea4838abe8d96\fr-fr\terminal.resources.manifest
- %LOCALAPPDATA%\apps\2.0\8b1tzdwo.h85\aoqhdq7g.720\term...exe_b968d3014b52419c_0001.0000_none_3a8c0d8d63f0a295\icon.ico
- %LOCALAPPDATA%\apps\2.0\8b1tzdwo.h85\aoqhdq7g.720\term...exe_b968d3014b52419c_0001.0000_none_3a8c0d8d63f0a295\terminalscroll.js
- %LOCALAPPDATA%\apps\2.0\8b1tzdwo.h85\aoqhdq7g.720\term..tion_b968d3014b52419c_0001.0000_0a9ea4838abe8d96\de-de\terminal.resources.manifest
- %LOCALAPPDATA%\apps\2.0\8b1tzdwo.h85\aoqhdq7g.720\term..tion_b968d3014b52419c_0001.0000_0a9ea4838abe8d96\de-de\terminal.resources.cdf-ms
- %LOCALAPPDATA%\apps\2.0\8b1tzdwo.h85\aoqhdq7g.720\term..tion_b968d3014b52419c_0001.0000_0a9ea4838abe8d96\de-de\terminal.resources.dll
- %LOCALAPPDATA%\apps\2.0\8b1tzdwo.h85\aoqhdq7g.720\term..tion_b968d3014b52419c_0001.0000_0a9ea4838abe8d96\tr-tr\terminal.resources.manifest
- %TEMP%\tmpd0c6.tmp
- %LOCALAPPDATA%\terminalautostart.exe
- %HOMEPATH%\desktop\tipwin terminal.appref-ms
- %APPDATA%\microsoft\windows\start menu\programs\tipwin\tipwin\tipwin terminal.appref-ms
- %LOCALAPPDATA%\apps\2.0\8b1tzdwo.h85\aoqhdq7g.720\term..tion_b968d3014b52419c_0001.0000_0a9ea4838abe8d96\da-dk\terminal.resources.dll
- %LOCALAPPDATA%\apps\2.0\8b1tzdwo.h85\aoqhdq7g.720\term..tion_b968d3014b52419c_0001.0000_0a9ea4838abe8d96\da-dk\terminal.resources.cdf-ms
- %LOCALAPPDATA%\apps\2.0\8b1tzdwo.h85\aoqhdq7g.720\term..tion_b968d3014b52419c_0001.0000_0a9ea4838abe8d96\da-dk\terminal.resources.manifest
- %LOCALAPPDATA%\apps\2.0\8b1tzdwo.h85\aoqhdq7g.720\term..tion_b968d3014b52419c_0001.0000_0a9ea4838abe8d96\nl-nl\terminal.resources.dll
- %LOCALAPPDATA%\apps\2.0\8b1tzdwo.h85\aoqhdq7g.720\term..tion_b968d3014b52419c_0001.0000_0a9ea4838abe8d96\nl-nl\terminal.resources.manifest
- %LOCALAPPDATA%\apps\2.0\8b1tzdwo.h85\aoqhdq7g.720\term..tion_b968d3014b52419c_0001.0000_0a9ea4838abe8d96\nl-nl\terminal.resources.cdf-ms
- %LOCALAPPDATA%\apps\2.0\8b1tzdwo.h85\aoqhdq7g.720\term..tion_b968d3014b52419c_0001.0000_0a9ea4838abe8d96\it-it\terminal.resources.dll
- %LOCALAPPDATA%\apps\2.0\8b1tzdwo.h85\aoqhdq7g.720\term..tion_b968d3014b52419c_0001.0000_0a9ea4838abe8d96\it-it\terminal.resources.cdf-ms
- %LOCALAPPDATA%\apps\2.0\8b1tzdwo.h85\aoqhdq7g.720\term..tion_b968d3014b52419c_0001.0000_0a9ea4838abe8d96\it-it\terminal.resources.manifest
- %LOCALAPPDATA%\apps\2.0\8b1tzdwo.h85\aoqhdq7g.720\term..tion_b968d3014b52419c_0001.0000_0a9ea4838abe8d96\en-us\terminal.resources.dll
- %LOCALAPPDATA%\apps\2.0\8b1tzdwo.h85\aoqhdq7g.720\term..tion_b968d3014b52419c_0001.0000_0a9ea4838abe8d96\en-us\terminal.resources.cdf-ms
- %LOCALAPPDATA%\apps\2.0\8b1tzdwo.h85\aoqhdq7g.720\term..tion_b968d3014b52419c_0001.0000_0a9ea4838abe8d96\en-us\terminal.resources.manifest
- %LOCALAPPDATA%\apps\2.0\8b1tzdwo.h85\aoqhdq7g.720\term..tion_b968d3014b52419c_0001.0000_0a9ea4838abe8d96\tr-tr\terminal.resources.dll
- %LOCALAPPDATA%\apps\2.0\8b1tzdwo.h85\aoqhdq7g.720\term..tion_b968d3014b52419c_0001.0000_0a9ea4838abe8d96\tr-tr\terminal.resources.cdf-ms
- %TEMP%\tmpd0e6.tmp
- %LOCALAPPDATA%\apps\2.0\8b1tzdwo.h85\aoqhdq7g.720\term...exe_b968d3014b52419c_0001.0000_none_3a8c0d8d63f0a295\javascript.js
- %LOCALAPPDATA%\apps\2.0\8b1tzdwo.h85\aoqhdq7g.720\term...exe_b968d3014b52419c_0001.0000_none_3a8c0d8d63f0a295\icon_red.ico
- %LOCALAPPDATA%\apps\2.0\8b1tzdwo.h85\aoqhdq7g.720\term...exe_b968d3014b52419c_0001.0000_none_3a8c0d8d63f0a295\tvstyle.css
- %TEMP%\deployment\6ve3e8nl.hpn\qbx5wejk.7zz\de-de\terminal.resources.dll
- %TEMP%\deployment\6ve3e8nl.hpn\qbx5wejk.7zz\sq-al\terminal.resources.dll
- %TEMP%\deployment\6ve3e8nl.hpn\qbx5wejk.7zz\itllib.dll
- %TEMP%\deployment\6ve3e8nl.hpn\qbx5wejk.7zz\cctalkcommlib2.dll
- %TEMP%\deployment\6ve3e8nl.hpn\qbx5wejk.7zz\terminal.exe
- %TEMP%\deployment\6ve3e8nl.hpn\qbx5wejk.7zz\fr-fr\terminal.resources.dll
- %TEMP%\deployment\6ve3e8nl.hpn\qbx5wejk.7zz\terminal.exe.config
- %TEMP%\deployment\6ve3e8nl.hpn\qbx5wejk.7zz\terminalscroll.js
- %TEMP%\deployment\6ve3e8nl.hpn\qbx5wejk.7zz\javascript.js
- %TEMP%\deployment\6ve3e8nl.hpn\qbx5wejk.7zz\icon_red.ico
- %TEMP%\deployment\6ve3e8nl.hpn\qbx5wejk.7zz\tvstyle.css
- %TEMP%\deployment\6ve3e8nl.hpn\qbx5wejk.7zz\link882.dll
- %TEMP%\deployment\6ve3e8nl.hpn\qbx5wejk.7zz\terminal.css
- %TEMP%\deployment\6ve3e8nl.hpn\qbx5wejk.7zz\icon.ico
- %TEMP%\deployment\6ve3e8nl.hpn\qbx5wejk.7zz\terminal.exe.manifest
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\932a2db58c237abd381d22df4c63a04a_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %TEMP%\deployment\29l7oom9.2ck\bydx4lye.gtj.application
- %TEMP%\deployment\6ve3e8nl.hpn\qbx5wejk.7zz\tr-tr\terminal.resources.dll
- %TEMP%\deployment\6ve3e8nl.hpn\qbx5wejk.7zz\en-us\terminal.resources.dll
- %TEMP%\deployment\6ve3e8nl.hpn\qbx5wejk.7zz\it-it\terminal.resources.dll
- %TEMP%\deployment\6ve3e8nl.hpn\qbx5wejk.7zz\nl-nl\terminal.resources.dll
- %LOCALAPPDATA%\apps\2.0\8b1tzdwo.h85\aoqhdq7g.720\term...exe_b968d3014b52419c_0001.0000_none_3a8c0d8d63f0a295\terminal.css
- %LOCALAPPDATA%\apps\2.0\8b1tzdwo.h85\aoqhdq7g.720\term...exe_b968d3014b52419c_0001.0000_none_3a8c0d8d63f0a295\terminal.exe.config
- %LOCALAPPDATA%\apps\2.0\8b1tzdwo.h85\aoqhdq7g.720\manifests\term...exe_b968d3014b52419c_0001.0000_none_3a8c0d8d63f0a295.cdf-ms
- %LOCALAPPDATA%\apps\2.0\8b1tzdwo.h85\aoqhdq7g.720\manifests\term...exe_b968d3014b52419c_0001.0000_none_3a8c0d8d63f0a295.manifest
- %LOCALAPPDATA%\apps\2.0\8b1tzdwo.h85\aoqhdq7g.720\manifests\term..tion_b968d3014b52419c_0001.0000_none_8286a86686105d88.cdf-ms
- %LOCALAPPDATA%\apps\2.0\8b1tzdwo.h85\aoqhdq7g.720\manifests\term..tion_b968d3014b52419c_0001.0000_none_8286a86686105d88.manifest
- %TEMP%\deployment\6ve3e8nl.hpn\qbx5wejk.7zz\da-dk\terminal.resources.dll.genman
- %TEMP%\deployment\6ve3e8nl.hpn\qbx5wejk.7zz\nl-nl\terminal.resources.dll.genman
- %TEMP%\deployment\6ve3e8nl.hpn\qbx5wejk.7zz\en-us\terminal.resources.dll.genman
- %TEMP%\deployment\6ve3e8nl.hpn\qbx5wejk.7zz\it-it\terminal.resources.dll.genman
- %TEMP%\deployment\6ve3e8nl.hpn\qbx5wejk.7zz\tr-tr\terminal.resources.dll.genman
- %TEMP%\deployment\6ve3e8nl.hpn\qbx5wejk.7zz\de-de\terminal.resources.dll.genman
- %TEMP%\deployment\6ve3e8nl.hpn\qbx5wejk.7zz\sq-al\terminal.resources.dll.genman
- %TEMP%\deployment\6ve3e8nl.hpn\qbx5wejk.7zz\itllib.dll.genman
- %TEMP%\deployment\6ve3e8nl.hpn\qbx5wejk.7zz\cctalkcommlib2.dll.genman
- %TEMP%\deployment\6ve3e8nl.hpn\qbx5wejk.7zz\terminal.exe.genman
- %TEMP%\deployment\6ve3e8nl.hpn\qbx5wejk.7zz\fr-fr\terminal.resources.dll.genman
- %TEMP%\deployment\6ve3e8nl.hpn\qbx5wejk.7zz\da-dk\terminal.resources.dll
- %LOCALAPPDATA%\apps\2.0\8b1tzdwo.h85\aoqhdq7g.720\term...exe_b968d3014b52419c_0001.0000_none_3a8c0d8d63f0a295\link882.dll
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\aa86f927d97798f6fbc966a2a984d7e1_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %TEMP%\deployment\6ve3e8nl.hpn\qbx5wejk.7zz\cctalkcommlib2.dll
- %TEMP%\deployment\6ve3e8nl.hpn\qbx5wejk.7zz\nl-nl\terminal.resources.dll
- %TEMP%\deployment\6ve3e8nl.hpn\qbx5wejk.7zz\nl-nl\terminal.resources.dll.genman
- %TEMP%\deployment\6ve3e8nl.hpn\qbx5wejk.7zz\sq-al\terminal.resources.dll
- %TEMP%\deployment\6ve3e8nl.hpn\qbx5wejk.7zz\sq-al\terminal.resources.dll.genman
- %TEMP%\deployment\6ve3e8nl.hpn\qbx5wejk.7zz\terminal.css
- %TEMP%\deployment\6ve3e8nl.hpn\qbx5wejk.7zz\terminal.exe
- %TEMP%\deployment\6ve3e8nl.hpn\qbx5wejk.7zz\terminal.exe.genman
- %TEMP%\deployment\6ve3e8nl.hpn\qbx5wejk.7zz\fr-fr\terminal.resources.dll
- %TEMP%\deployment\6ve3e8nl.hpn\qbx5wejk.7zz\terminal.exe.manifest
- %TEMP%\deployment\6ve3e8nl.hpn\qbx5wejk.7zz\terminalscroll.js
- %TEMP%\deployment\6ve3e8nl.hpn\qbx5wejk.7zz\tr-tr\terminal.resources.dll
- %TEMP%\deployment\6ve3e8nl.hpn\qbx5wejk.7zz\tr-tr\terminal.resources.dll.genman
- %TEMP%\deployment\6ve3e8nl.hpn\qbx5wejk.7zz\tvstyle.css
- %TEMP%\deployment\29l7oom9.2ck\bydx4lye.gtj.application
- %TEMP%\deployment\6ve3e8nl.hpn\qbx5wejk.7zz\link882.dll
- %TEMP%\deployment\6ve3e8nl.hpn\qbx5wejk.7zz\javascript.js
- %TEMP%\deployment\6ve3e8nl.hpn\qbx5wejk.7zz\itllib.dll.genman
- %TEMP%\deployment\6ve3e8nl.hpn\qbx5wejk.7zz\itllib.dll
- %TEMP%\deployment\6ve3e8nl.hpn\qbx5wejk.7zz\it-it\terminal.resources.dll.genman
- %TEMP%\deployment\6ve3e8nl.hpn\qbx5wejk.7zz\it-it\terminal.resources.dll
- %TEMP%\deployment\6ve3e8nl.hpn\qbx5wejk.7zz\icon_red.ico
- %TEMP%\deployment\6ve3e8nl.hpn\qbx5wejk.7zz\icon.ico
- %TEMP%\deployment\6ve3e8nl.hpn\qbx5wejk.7zz\fr-fr\terminal.resources.dll.genman
- %TEMP%\deployment\6ve3e8nl.hpn\qbx5wejk.7zz\terminal.exe.config
- %TEMP%\deployment\6ve3e8nl.hpn\qbx5wejk.7zz\en-us\terminal.resources.dll.genman
- %TEMP%\deployment\6ve3e8nl.hpn\qbx5wejk.7zz\en-us\terminal.resources.dll
- %TEMP%\deployment\6ve3e8nl.hpn\qbx5wejk.7zz\de-de\terminal.resources.dll.genman
- %TEMP%\deployment\6ve3e8nl.hpn\qbx5wejk.7zz\de-de\terminal.resources.dll
- %TEMP%\deployment\6ve3e8nl.hpn\qbx5wejk.7zz\da-dk\terminal.resources.dll.genman
- %TEMP%\deployment\6ve3e8nl.hpn\qbx5wejk.7zz\da-dk\terminal.resources.dll
- %TEMP%\deployment\6ve3e8nl.hpn\qbx5wejk.7zz\cctalkcommlib2.dll.genman
- %TEMP%\tmpd0c6.tmp
- %TEMP%\tmpd0e6.tmp
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- DNS ASK tw#.#ipwin.com
- DNS ASK microsoft.com
- ClassName: 'Static' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
- '%LOCALAPPDATA%\apps\2.0\8b1tzdwo.h85\aoqhdq7g.720\term..tion_b968d3014b52419c_0001.0000_0a9ea4838abe8d96\terminal.exe'
- '%LOCALAPPDATA%\terminalautostart.exe'
- '%ProgramFiles(x86)%\internet explorer\iexplore.exe' https://tw2.tipwin.com/bet-clients/Terminal/terminal.application (with hidden window)
- '%ProgramFiles(x86)%\internet explorer\iexplore.exe' https://tw2.tipwin.com/bet-clients/Terminal/terminal.application
- '%WINDIR%\microsoft.net\framework64\v4.0.30319\dfsvc.exe'