Technical Information
- '%TEMP%\is-I1TIJ.tmp\tcwpx.exe' /p 1 %TEMP%\is-I1TIJ.tmp\pxtmpdata.mx
- '%TEMP%\is-I1TIJ.tmp\tcwpx.exe' /p 1 "%TEMP%\is-I1TIJ.tmp\pxtmpdata.mx"
- '%TEMP%\is-HNS2C.tmp\<Virus name>.tmp' /SL5="$40036,683451,83968,<Full path to virus>"
- %TEMP%\1.84\lri.dll
- %TEMP%\1.84\cd.dll
- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-2052111302-484763869-725345543-1003\7165dd0627e5235ca910f8185935cf31_23ef5514-3059-436f-a4a7-4cefaab20eb1
- %APPDATA%\Microsoft\Protect\S-1-5-21-2052111302-484763869-725345543-1003\Preferred
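- %APPDATA%\Microsoft\Protect\S-1-5-21-2052111302-484763869-725345543-1003\d09606cd-872a-418a-8788-4909d6886a2e
  (Note: the three %APPDATA%\Microsoft\Crypto\RSA and \Protect paths above are in the per-user Windows key stores. The account SID and GUID-style names in them are presumably specific to the machine the sample was analysed on, so match on the directory pattern rather than the full path.)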
- %TEMP%\1.84\le.dll
- %TEMP%\is-I1TIJ.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-I1TIJ.tmp\_isetup\_RegDLL.tmp
- %TEMP%\is-HNS2C.tmp\<Virus name>.tmp
- %TEMP%\1.84\lz.dll
- %TEMP%\is-I1TIJ.tmp\tcwpx.exe
- %TEMP%\is-I1TIJ.tmp\pxtmpdata.mx
- 'tp.###dygamez.com':80
- DNS query: tp.###dygamez.com
- ClassName: 'Shell_TrayWnd' WindowName: ''