Technical Information
- Autorun entry (per-user Run key; starts njpkycauiewr.exe from My Documents at each user logon): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'hostslertwapfgm' = '<SYSTEM32>\CMD.EXE /C START "" "%HOMEPATH%\My Documents\njpkycauiewr.exe"'
- %ALLUSERSPROFILE%\start menu\programs\startup\-!recover!-kycmt++.png
- %ALLUSERSPROFILE%\start menu\programs\startup\-!recover!-kycmt++.txt
- %ALLUSERSPROFILE%\start menu\programs\startup\-!recover!-kycmt++.htm
- %HOMEPATH%\my documents\njpkycauiewr.exe
- %ALLUSERSPROFILE%\start menu\programs\qip 2012\-!recover!-kycmt++.txt
- %ALLUSERSPROFILE%\start menu\programs\qip 2012\-!recover!-kycmt++.png
- %ALLUSERSPROFILE%\start menu\programs\mirc\-!recover!-kycmt++.htm
- %ALLUSERSPROFILE%\start menu\programs\mirc\-!recover!-kycmt++.txt
- %ALLUSERSPROFILE%\start menu\programs\mirc\-!recover!-kycmt++.png
- %ALLUSERSPROFILE%\start menu\programs\microsoft office\-!recover!-kycmt++.htm
- %ALLUSERSPROFILE%\start menu\programs\microsoft office\-!recover!-kycmt++.txt
- %ALLUSERSPROFILE%\start menu\programs\microsoft office\-!recover!-kycmt++.png
- %ALLUSERSPROFILE%\start menu\programs\microsoft office\microsoft office tools\-!recover!-kycmt++.htm
- %ALLUSERSPROFILE%\start menu\programs\microsoft office\microsoft office tools\-!recover!-kycmt++.txt
- %ALLUSERSPROFILE%\start menu\programs\microsoft .net framework sdk v1.1\-!recover!-kycmt++.htm
- %ALLUSERSPROFILE%\start menu\programs\steam\-!recover!-kycmt++.png
- %ALLUSERSPROFILE%\start menu\programs\microsoft .net framework sdk v1.1\-!recover!-kycmt++.txt
- %ALLUSERSPROFILE%\start menu\programs\microsoft .net framework sdk v1.1\-!recover!-kycmt++.png
- %ALLUSERSPROFILE%\start menu\programs\google chrome\-!recover!-kycmt++.htm
- %ALLUSERSPROFILE%\start menu\programs\google chrome\-!recover!-kycmt++.txt
- %ALLUSERSPROFILE%\start menu\programs\google chrome\-!recover!-kycmt++.png
- %ALLUSERSPROFILE%\start menu\programs\games\-!recover!-kycmt++.htm
- %ALLUSERSPROFILE%\start menu\programs\games\-!recover!-kycmt++.txt
- %ALLUSERSPROFILE%\start menu\programs\games\-!recover!-kycmt++.png
- %ALLUSERSPROFILE%\start menu\programs\administrative tools\-!recover!-kycmt++.htm
- %ALLUSERSPROFILE%\start menu\programs\microsoft office\microsoft office tools\-!recover!-kycmt++.png
- %ALLUSERSPROFILE%\start menu\programs\accessories\accessibility\-!recover!-kycmt++.txt
- %ALLUSERSPROFILE%\start menu\programs\steam\-!recover!-kycmt++.txt
- C:\documents and settings\default user\application data\microsoft\systemcertificates\my\certificates\-!recover!-kycmt++.png
- C:\documents and settings\default user\application data\microsoft\media player\-!recover!-kycmt++.htm
- C:\documents and settings\default user\application data\microsoft\media player\-!recover!-kycmt++.txt
- C:\documents and settings\default user\application data\microsoft\media player\-!recover!-kycmt++.png
- C:\documents and settings\default user\application data\microsoft\internet explorer\-!recover!-kycmt++.htm
- C:\documents and settings\default user\application data\microsoft\internet explorer\-!recover!-kycmt++.txt
- C:\documents and settings\default user\application data\microsoft\internet explorer\-!recover!-kycmt++.png
- %ALLUSERSPROFILE%\-!recover!-kycmt++.htm
- %ALLUSERSPROFILE%\-!recover!-kycmt++.txt
- %ALLUSERSPROFILE%\-!recover!-kycmt++.png
- %ALLUSERSPROFILE%\start menu\programs\administrative tools\-!recover!-kycmt++.txt
- %ALLUSERSPROFILE%\start menu\programs\qip 2012\-!recover!-kycmt++.htm
- %ALLUSERSPROFILE%\templates\-!recover!-kycmt++.png
- %ALLUSERSPROFILE%\start menu\-!recover!-kycmt++.htm
- %ALLUSERSPROFILE%\start menu\-!recover!-kycmt++.txt
- %ALLUSERSPROFILE%\start menu\-!recover!-kycmt++.png
- %ALLUSERSPROFILE%\start menu\programs\-!recover!-kycmt++.htm
- %ALLUSERSPROFILE%\start menu\programs\-!recover!-kycmt++.txt
- %ALLUSERSPROFILE%\start menu\programs\-!recover!-kycmt++.png
- %ALLUSERSPROFILE%\start menu\programs\winrar\-!recover!-kycmt++.htm
- %ALLUSERSPROFILE%\start menu\programs\winrar\-!recover!-kycmt++.txt
- %ALLUSERSPROFILE%\start menu\programs\winrar\-!recover!-kycmt++.png
- %ALLUSERSPROFILE%\templates\-!recover!-kycmt++.txt
- %ALLUSERSPROFILE%\start menu\programs\steam\-!recover!-kycmt++.htm
- %ALLUSERSPROFILE%\start menu\programs\administrative tools\-!recover!-kycmt++.png
- %ALLUSERSPROFILE%\start menu\programs\accessories\-!recover!-kycmt++.htm
- %ALLUSERSPROFILE%\start menu\programs\accessories\-!recover!-kycmt++.txt
- %ALLUSERSPROFILE%\documents\my music\sample playlists\00107ff6\-!recover!-kycmt++.htm
- %ALLUSERSPROFILE%\documents\my pictures\-!recover!-kycmt++.png
- %ALLUSERSPROFILE%\documents\my pictures\sample pictures\-!recover!-kycmt++.htm
- %ALLUSERSPROFILE%\documents\my pictures\sample pictures\-!recover!-kycmt++.txt
- %ALLUSERSPROFILE%\documents\my pictures\sample pictures\-!recover!-kycmt++.png
- %ALLUSERSPROFILE%\documents\my music\-!recover!-kycmt++.htm
- %ALLUSERSPROFILE%\documents\my music\-!recover!-kycmt++.txt
- %ALLUSERSPROFILE%\documents\my music\-!recover!-kycmt++.png
- %ALLUSERSPROFILE%\documents\my music\sample playlists\-!recover!-kycmt++.htm
- %ALLUSERSPROFILE%\documents\my music\sample playlists\-!recover!-kycmt++.txt
- C:\documents and settings\default user\application data\microsoft\systemcertificates\my\certificates\-!recover!-kycmt++.txt
- %ALLUSERSPROFILE%\documents\my pictures\-!recover!-kycmt++.htm
- %ALLUSERSPROFILE%\documents\my music\sample playlists\00107ff6\-!recover!-kycmt++.txt
- %ALLUSERSPROFILE%\documents\my music\sample playlists\00107ff6\-!recover!-kycmt++.png
- %ALLUSERSPROFILE%\documents\my music\sample music\-!recover!-kycmt++.htm
- %ALLUSERSPROFILE%\documents\my music\sample music\-!recover!-kycmt++.txt
- %ALLUSERSPROFILE%\documents\my music\sample music\-!recover!-kycmt++.png
- %ALLUSERSPROFILE%\documents\my music\my playlists\-!recover!-kycmt++.htm
- %ALLUSERSPROFILE%\documents\my music\my playlists\-!recover!-kycmt++.txt
- %ALLUSERSPROFILE%\documents\my music\my playlists\-!recover!-kycmt++.png
- %HOMEPATH%\my documents\-!recover!-!file!-.txt
- %HOMEPATH%\my documents\desctop._ini
- %ALLUSERSPROFILE%\documents\my music\sample playlists\-!recover!-kycmt++.png
- %ALLUSERSPROFILE%\templates\-!recover!-kycmt++.htm
- %ALLUSERSPROFILE%\documents\my videos\-!recover!-kycmt++.png
- %ALLUSERSPROFILE%\documents\-!recover!-kycmt++.png
- %ALLUSERSPROFILE%\documents\my videos\-!recover!-kycmt++.txt
- %ALLUSERSPROFILE%\start menu\programs\accessories\-!recover!-kycmt++.png
- %ALLUSERSPROFILE%\start menu\programs\accessories\system tools\-!recover!-kycmt++.htm
- %ALLUSERSPROFILE%\start menu\programs\accessories\system tools\-!recover!-kycmt++.txt
- %ALLUSERSPROFILE%\start menu\programs\accessories\system tools\-!recover!-kycmt++.png
- %ALLUSERSPROFILE%\start menu\programs\accessories\entertainment\-!recover!-kycmt++.htm
- %ALLUSERSPROFILE%\start menu\programs\accessories\entertainment\-!recover!-kycmt++.txt
- %ALLUSERSPROFILE%\start menu\programs\accessories\entertainment\-!recover!-kycmt++.png
- %ALLUSERSPROFILE%\start menu\programs\accessories\communications\-!recover!-kycmt++.htm
- %ALLUSERSPROFILE%\start menu\programs\accessories\communications\-!recover!-kycmt++.txt
- %ALLUSERSPROFILE%\documents\my videos\-!recover!-kycmt++.htm
- %ALLUSERSPROFILE%\start menu\programs\accessories\communications\-!recover!-kycmt++.png
- %ALLUSERSPROFILE%\documents\my pictures\-!recover!-kycmt++.txt
- %ALLUSERSPROFILE%\start menu\programs\accessories\accessibility\-!recover!-kycmt++.png
- %ALLUSERSPROFILE%\favorites\-!recover!-kycmt++.htm
- %ALLUSERSPROFILE%\favorites\-!recover!-kycmt++.txt
- %ALLUSERSPROFILE%\favorites\-!recover!-kycmt++.png
- %ALLUSERSPROFILE%\drm\-!recover!-kycmt++.htm
- %ALLUSERSPROFILE%\drm\-!recover!-kycmt++.txt
- %ALLUSERSPROFILE%\drm\-!recover!-kycmt++.png
- %ALLUSERSPROFILE%\documents\-!recover!-kycmt++.htm
- %ALLUSERSPROFILE%\documents\-!recover!-kycmt++.txt
- %ALLUSERSPROFILE%\start menu\programs\accessories\accessibility\-!recover!-kycmt++.htm
- C:\documents and settings\default user\application data\microsoft\systemcertificates\my\certificates\-!recover!-kycmt++.htm
- %HOMEPATH%\my documents\njpkycauiewr.exe
- DNS ASK (DNS query) bo####rtablier.com (the domain is partially masked with '#' on this page)
- '%HOMEPATH%\my documents\njpkycauiewr.exe'
- '<SYSTEM32>\cmd.exe' /c DEL <Full path to file> >> NUL (with hidden window)
- '<SYSTEM32>\cmd.exe' /c DEL <Full path to file> >> NUL