Technical Information
- %TEMP%\is-tmmqo.tmp\<File name>.tmp
- %TEMP%\is-aaru2.tmp\_isetup\_setup64.tmp
- %TEMP%\is-aaru2.tmp\_isetup\_isdecmp.dll
- %TEMP%\is-aaru2.tmp\_isetup\_iscrypt.dll
- %ProgramFiles(x86)%\sonar lite\is-e9ku7.tmp
- %ProgramFiles(x86)%\sonar lite\is-uor78.tmp
- %ProgramFiles(x86)%\sonar lite\is-lvgtl.tmp
- %ProgramFiles(x86)%\sonar lite\locale\en\lc_messages\is-lnkrv.tmp
- %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\ckm sonar lite\sonar lite.lnk
- %ProgramFiles(x86)%\sonar lite\unins000.dat
- from %ProgramFiles(x86)%\sonar lite\is-e9ku7.tmp to %ProgramFiles(x86)%\sonar lite\unins000.exe
- from %ProgramFiles(x86)%\sonar lite\is-uor78.tmp to %ProgramFiles(x86)%\sonar lite\snlsvc.exe
- from %ProgramFiles(x86)%\sonar lite\is-lvgtl.tmp to %ProgramFiles(x86)%\sonar lite\lame_enc.dll
- from %ProgramFiles(x86)%\sonar lite\locale\en\lc_messages\is-lnkrv.tmp to %ProgramFiles(x86)%\sonar lite\locale\en\lc_messages\default.mo
- 'op###olad.com':80
- http://op###olad.com/v2/events
- DNS ASK op###olad.com
- ClassName: 'kijdroijgrugh9ehqhruhg' WindowName: ''
- '%TEMP%\is-tmmqo.tmp\<File name>.tmp' /SL5="$12022C,8213384,64000,<Full path to file>"
- '%ProgramFiles(x86)%\sonar lite\snlsvc.exe' <File name>.exe