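Technical Information
(The report's sub-headings are missing from this copy. The entries below are file-system paths, one DNS query, and process command lines; paths that appear twice presumably belonged to different sub-sections.)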
- %APPDATA%\microsoft\windows\start menu\programs\startup\sqdubsfvqd.url
- %TEMP%\ixp000.tmp\conduco.docx
- %TEMP%\ixp000.tmp\impedire.docx
- %TEMP%\ixp000.tmp\appartiene.docx
- %TEMP%\ixp000.tmp\sta.docx
- %TEMP%\ixp000.tmp\tutti.exe.com
- %TEMP%\ixp000.tmp\s
- %APPDATA%\xxxfxyagdb\i
- %APPDATA%\xxxfxyagdb\sqdubsfvqd.exe.com
- %APPDATA%\xxxfxyagdb\appartiene.docx
- %APPDATA%\xxxfxyagdb\fmqihkodmfpv.js
- %TEMP%\ixp000.tmp\s
- %TEMP%\ixp000.tmp\appartiene.docx
- %TEMP%\ixp000.tmp\sta.docx
- %TEMP%\ixp000.tmp\impedire.docx
- %TEMP%\ixp000.tmp\conduco.docx
- %TEMP%\ixp000.tmp\tutti.exe.com
- DNS ASK Ep#####QEqP.EpVldJKQEqP
- '%TEMP%\ixp000.tmp\tutti.exe.com' s
- '%WINDIR%\syswow64\cmd.exe' /c cmd < Sta.docx (with hidden window)
- '%WINDIR%\syswow64\dllhost.exe' (with hidden window)
- '%WINDIR%\syswow64\dllhost.exe'
- '%WINDIR%\syswow64\cmd.exe' /c cmd < Sta.docx
- '%WINDIR%\syswow64\cmd.exe'
- '%WINDIR%\syswow64\findstr.exe' /V /R "^cpRioVCHzxPARhqNKZxUSxSjBROxGBfdTAAnUmNDiQEXIwXcFphmhdHqsEGduiwRymHdMCSkkQNeQUEmUaPbhQeCTmufTbvZPMSpxGJrdehvDFpvquv$" Conduco.docx
- '%WINDIR%\syswow64\ping.exe' localhost