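Technical Information (the sub-headings that grouped the entries below appear to be missing from this copy, which would explain why some paths and the host:port pair are listed more than once; entries are in their original order)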
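- %APPDATA%\microsoft\windows\start menu\programs\startup\tqdpoenarben.exe (this is the per-user Startup folder, so an executable dropped here is launched at each logon of that user; check this folder when hunting for persistence)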
- <Drive name for removable media>:\correct.avi
- <Drive name for removable media>:\sdszfo.docx
- <Drive name for removable media>:\aoc_saq_d_v3_merchant.docx
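- <Drive name for removable media>:\applicantform_en.doc.exe (double extension: this and the other *.doc.exe, *.cer.exe, *.avi.exe and *.bmp.exe entries are executables named after documents, certificates and media files that are also listed here; with Explorer's default of hiding known extensions the trailing .exe is not shown, so detection should key on the real file type rather than the displayed name)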
- <Drive name for removable media>:\sdksampleprivdeveloper.cer.exe
- <Drive name for removable media>:\uep_form_786_bulletin_1726i602.doc.exe
- <Drive name for removable media>:\holycrosschurchinstructions.docx
- <Drive name for removable media>:\508softwareandos.doc.exe
- <Drive name for removable media>:\contoso_1.cer.exe
- <Drive name for removable media>:\ovp25012015.doc
- <Drive name for removable media>:\508softwareandos.doc
- <Drive name for removable media>:\uep_form_786_bulletin_1726i602.doc
- <Drive name for removable media>:\applicantform_en.doc
- <Drive name for removable media>:\testcertificate.cer.exe
- <Drive name for removable media>:\pmd.cer
- <Drive name for removable media>:\sdksampleprivdeveloper.cer
- <Drive name for removable media>:\contoso_1.cer
- <Drive name for removable media>:\testcertificate.cer
- <Drive name for removable media>:\dashborder_192.bmp.exe
- <Drive name for removable media>:\delete.avi.exe
- <Drive name for removable media>:\correct.avi.exe
- <Drive name for removable media>:\archer.avi.exe
- <Drive name for removable media>:\dashborder_192.bmp
- <Drive name for removable media>:\dashborder_144.bmp
- <Drive name for removable media>:\tileimage.bmp
- <Drive name for removable media>:\toolbar.bmp
- <Drive name for removable media>:\dialmap.bmp
- <Drive name for removable media>:\archer.avi
- <Drive name for removable media>:\delete.avi
- <Drive name for removable media>:\gjryaxsrhq\hxxwwiriji.exe
- <Drive name for removable media>:\file_p_00000000_1371597592.docx
- <Drive name for removable media>:\thlps_keeper_mayer_1965.docx
- '%WINDIR%\syswow64\at.exe'
- %WINDIR%\microsoft.net\framework\v2.0.50727\applaunch.exe
- %ALLUSERSPROFILE%\kjanahnqul\kjanahnqul.ico
- %ALLUSERSPROFILE%\kskwnugixh\holycrosschurchinstructions.docx.ico
- %ALLUSERSPROFILE%\kskwnugixh\lkqlmdnqqt
- %TEMP%\~temp1454600.tmp
- %ALLUSERSPROFILE%\kskwnugixh\ovp25012015.doc.ico
- %TEMP%\~temp1450653.tmp
- %TEMP%\~temp1449701.tmp
- %TEMP%\rcx3793.tmp
- %TEMP%\~temp1448812.tmp
- %ALLUSERSPROFILE%\kskwnugixh\biiemrlrfw
- %ALLUSERSPROFILE%\kskwnugixh\508softwareandos.doc.ico
- %ALLUSERSPROFILE%\kskwnugixh\kvijqnrmbl
- %ALLUSERSPROFILE%\kskwnugixh\uep_form_786_bulletin_1726i602.doc.ico
- %ALLUSERSPROFILE%\kskwnugixh\raxbwulbao
- %ALLUSERSPROFILE%\kskwnugixh\applicantform_en.doc.ico
- %TEMP%\~temp1450715.tmp
- %TEMP%\rcx3764.tmp
- %TEMP%\rcx3c06.tmp
- %TEMP%\rcx3cf0.tmp
- %ALLUSERSPROFILE%\kskwnugixh\sgvjpskqgd
- %TEMP%\~temp1462478.tmp
- %TEMP%\~temp1462244.tmp
- %ALLUSERSPROFILE%\kskwnugixh\thlps_keeper_mayer_1965.docx.ico
- %ALLUSERSPROFILE%\kskwnugixh\file_p_00000000_1371597592.docx.ico
- %TEMP%\rcx4c0d.tmp
- %TEMP%\rcx4a1a.tmp
- %TEMP%\~temp1460543.tmp
- %ALLUSERSPROFILE%\kskwnugixh\oqnvjyhbdy
- %TEMP%\~temp1460434.tmp
- %ALLUSERSPROFILE%\kskwnugixh\sdszfo.docx.ico
- %ALLUSERSPROFILE%\kskwnugixh\gjotxyueai
- %ALLUSERSPROFILE%\kskwnugixh\aoc_saq_d_v3_merchant.docx.ico
- %ALLUSERSPROFILE%\kskwnugixh\kdtnjiprid
- %TEMP%\rcx3c83.tmp
- %ALLUSERSPROFILE%\kskwnugixh\qasauxyihp
- %TEMP%\rcx5225.tmp
- %TEMP%\rcxbc3.tmp
- %ALLUSERSPROFILE%\kskwnugixh\acwyseomqg
- %ALLUSERSPROFILE%\kskwnugixh\tileimage.bmp.ico
- %ALLUSERSPROFILE%\kskwnugixh\tyrnrrixnl
- %ALLUSERSPROFILE%\kskwnugixh\toolbar.bmp.ico
- %ALLUSERSPROFILE%\kskwnugixh\bvmwfenusg
- %ALLUSERSPROFILE%\kskwnugixh\dialmap.bmp.ico
- %ALLUSERSPROFILE%\kskwnugixh\jekyrkarvw
- %ALLUSERSPROFILE%\kskwnugixh\cmoomoqmdj
- %ALLUSERSPROFILE%\kskwnugixh\archer.avi.ico
- %ALLUSERSPROFILE%\kskwnugixh\delete.avi.ico
- %ALLUSERSPROFILE%\kskwnugixh\qrxyrbposp
- %ALLUSERSPROFILE%\kskwnugixh\correct.avi.ico
- %ALLUSERSPROFILE%\kskwnugixh\mkythmmopr
- %ALLUSERSPROFILE%\kskwnugixh\kskwnugixh.ico
- %ALLUSERSPROFILE%\kjanahnqul\mspksyuplv
- %ALLUSERSPROFILE%\kskwnugixh\orpamffhkh
- %ALLUSERSPROFILE%\kskwnugixh\dashborder_144.bmp.ico
- %ALLUSERSPROFILE%\kskwnugixh\nqbthbuaja
- %ALLUSERSPROFILE%\kskwnugixh\dashborder_192.bmp.ico
- %TEMP%\~temp1434897.tmp
- %ALLUSERSPROFILE%\kskwnugixh\sdksampleprivdeveloper.cer.ico
- %ALLUSERSPROFILE%\kskwnugixh\osupwdrnmk
- %ALLUSERSPROFILE%\kskwnugixh\contoso_1.cer.ico
- %ALLUSERSPROFILE%\kskwnugixh\fiswnawwsa
- %ALLUSERSPROFILE%\kskwnugixh\testcertificate.cer.ico
- %TEMP%\rcxa479.tmp
- %TEMP%\~temp1411949.tmp
- %TEMP%\rcx8314.tmp
- %TEMP%\rcx6863.tmp
- %TEMP%\~temp1401310.tmp
- %TEMP%\~temp1399937.tmp
- %TEMP%\rcx5c42.tmp
- %TEMP%\~temp1399079.tmp
- %ALLUSERSPROFILE%\kskwnugixh\fcmtwktsgh
- %ALLUSERSPROFILE%\kskwnugixh\pmd.cer.ico
- %TEMP%\rcx533e.tmp
- <Drive name for removable media>:\gjryaxsrhq\hxxwwiriji.exe
- %APPDATA%\microsoft\windows\start menu\programs\startup\tqdpoenarben.exe
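- from %TEMP%\rcx5c42.tmp to %TEMP%\~temp1399079.tmp (this and the following "from … to …" entries appear to record file moves or renames within %TEMP%: source first, destination second)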
- from %TEMP%\rcx6863.tmp to %TEMP%\~temp1399937.tmp
- from %TEMP%\rcx8314.tmp to %TEMP%\~temp1401310.tmp
- from %TEMP%\rcxa479.tmp to %TEMP%\~temp1411949.tmp
- from %TEMP%\rcxbc3.tmp to %TEMP%\~temp1434897.tmp
- from %TEMP%\rcx3793.tmp to %TEMP%\~temp1449701.tmp
- from %TEMP%\rcx3764.tmp to %TEMP%\~temp1454600.tmp
- from %TEMP%\rcx3c06.tmp to %TEMP%\~temp1450715.tmp
- from %TEMP%\rcx3cf0.tmp to %TEMP%\~temp1448812.tmp
- from %TEMP%\rcx3c83.tmp to %TEMP%\~temp1450653.tmp
- from %TEMP%\rcx4a1a.tmp to %TEMP%\~temp1460434.tmp
- from %TEMP%\rcx4c0d.tmp to %TEMP%\~temp1460543.tmp
- from %TEMP%\rcx5225.tmp to %TEMP%\~temp1462244.tmp
- from %TEMP%\rcx533e.tmp to %TEMP%\~temp1462478.tmp
- 'za#####1.duckdns.org':6870
- 'za#####1.duckdns.org':6870
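- DNS ASK za#####1.duckdns.org (a DNS query for the same host as in the two entries above; the # characters are presumably a mask applied by the report, not part of the name. duckdns.org is a dynamic-DNS service, so the address behind the name can change: alert on the lookup and on outbound connections to port 6870 rather than on a fixed IP)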
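- '%WINDIR%\microsoft.net\framework\v2.0.50727\applaunch.exe' /in "%ALLUSERSPROFILE%\kskwnugixh\qrxyrbposp" /out "<Drive name for removable media>:\correct.avi.exe" /icon "%ALLUSERSPROFILE%\kskwnugixh\correct.avi.ico" /bin "%ALLUSERSPROFILE%\kskwnugixh\mk... [command line cut off in the report. In this and the following entries /out is the .exe written to removable media and /icon is the matching .ico under %ALLUSERSPROFILE%\kskwnugixh. applaunch.exe and dw20.exe are stock .NET Framework binaries, so these switches presumably belong to code running inside the process rather than to the tools themselves; either binary started with /in, /out and /icon arguments is worth alerting on]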
- '%WINDIR%\microsoft.net\framework\v2.0.50727\applaunch.exe' /in "%ALLUSERSPROFILE%\kskwnugixh\orpamffhkh" /out "<Drive name for removable media>:\delete.avi.exe" /icon "%ALLUSERSPROFILE%\kskwnugixh\delete.avi.ico" /bin "%ALLUSERSPROFILE%\kskwnugixh\mkyt...
- '%WINDIR%\microsoft.net\framework\v2.0.50727\applaunch.exe' /in "%ALLUSERSPROFILE%\kskwnugixh\jekyrkarvw" /out "<Drive name for removable media>:\archer.avi.exe" /icon "%ALLUSERSPROFILE%\kskwnugixh\archer.avi.ico" /bin "%ALLUSERSPROFILE%\kskwnugixh\mkyt...
- '%WINDIR%\microsoft.net\framework\v2.0.50727\dw20.exe' /in "%ALLUSERSPROFILE%\kskwnugixh\fcmtwktsgh" /out "<Drive name for removable media>:\dashBorder_192.bmp.exe" /icon "%ALLUSERSPROFILE%\kskwnugixh\dashBorder_192.bmp.ico" /bin "%ALLUSERSPROFILE%...
- '%WINDIR%\microsoft.net\framework\v2.0.50727\applaunch.exe' /in "%ALLUSERSPROFILE%\kskwnugixh\fiswnawwsa" /out "<Drive name for removable media>:\TestCertificate.cer.exe" /icon "%ALLUSERSPROFILE%\kskwnugixh\TestCertificate.cer.ico" /bin "%ALLUSERSPROFIL...
- '%WINDIR%\microsoft.net\framework\v2.0.50727\dw20.exe' /in "%ALLUSERSPROFILE%\kskwnugixh\osupwdrnmk" /out "<Drive name for removable media>:\contoso_1.cer.exe" /icon "%ALLUSERSPROFILE%\kskwnugixh\contoso_1.cer.ico" /bin "%ALLUSERSPROFILE%\kskwnugix...
- '%WINDIR%\microsoft.net\framework\v2.0.50727\dw20.exe' /in "%ALLUSERSPROFILE%\kskwnugixh\acwyseomqg" /out "<Drive name for removable media>:\SDKSamplePrivDeveloper.cer.exe" /icon "%ALLUSERSPROFILE%\kskwnugixh\SDKSamplePrivDeveloper.cer.ico" /bin "%...
- '%WINDIR%\microsoft.net\framework\v2.0.50727\dw20.exe' /in "%ALLUSERSPROFILE%\kskwnugixh\raxbwulbao" /out "<Drive name for removable media>:\applicantform_en.doc.exe" /icon "%ALLUSERSPROFILE%\kskwnugixh\applicantform_en.doc.ico" /bin "%ALLUSERSPROF...
- '%WINDIR%\microsoft.net\framework\v2.0.50727\dw20.exe' /in "%ALLUSERSPROFILE%\kskwnugixh\kvijqnrmbl" /out "<Drive name for removable media>:\uep_form_786_bulletin_1726i602.doc.exe" /icon "%ALLUSERSPROFILE%\kskwnugixh\uep_form_786_bulletin_1726i602....
- '%WINDIR%\microsoft.net\framework\v2.0.50727\dw20.exe' /in "%ALLUSERSPROFILE%\kskwnugixh\biiemrlrfw" /out "<Drive name for removable media>:\508softwareandos.doc.exe" /icon "%ALLUSERSPROFILE%\kskwnugixh\508softwareandos.doc.ico" /bin "%ALLUSERSPROF...
- '%WINDIR%\microsoft.net\framework\v2.0.50727\dw20.exe' /in "%ALLUSERSPROFILE%\kskwnugixh\kdtnjiprid" /out "<Drive name for removable media>:\holycrosschurchinstructions.docx.exe" /icon "%ALLUSERSPROFILE%\kskwnugixh\holycrosschurchinstructions.docx....
- '%WINDIR%\microsoft.net\framework\v2.0.50727\dw20.exe' /in "%ALLUSERSPROFILE%\kskwnugixh\gjotxyueai" /out "<Drive name for removable media>:\aoc_saq_d_v3_merchant.docx.exe" /icon "%ALLUSERSPROFILE%\kskwnugixh\aoc_saq_d_v3_merchant.docx.ico" /bin "%...
- '%WINDIR%\microsoft.net\framework\v2.0.50727\dw20.exe' /in "%ALLUSERSPROFILE%\kskwnugixh\oqnvjyhbdy" /out "<Drive name for removable media>:\sdszfo.docx.exe" /icon "%ALLUSERSPROFILE%\kskwnugixh\sdszfo.docx.ico" /bin "%ALLUSERSPROFILE%\kskwnugixh\mk...
- '%WINDIR%\microsoft.net\framework\v2.0.50727\applaunch.exe' /in "%ALLUSERSPROFILE%\kskwnugixh\oqnvjyhbdy" /out "<Drive name for removable media>:\file_p_00000000_1371597592.docx.exe" /icon "%ALLUSERSPROFILE%\kskwnugixh\file_p_00000000_1371597592.docx.ic...
- '%WINDIR%\microsoft.net\framework\v2.0.50727\applaunch.exe' /in "%ALLUSERSPROFILE%\kskwnugixh\sgvjpskqgd" /out "<Drive name for removable media>:\thlps_keeper_mayer_1965.docx.exe" /icon "%ALLUSERSPROFILE%\kskwnugixh\thlps_keeper_mayer_1965.docx.ico" /bi...