Technical Information
- [<HKLM>\System\CurrentControlSet\Services\RwDrv] 'ImagePath' = '<DRIVERS>\RwDrv.sys'
- [<HKLM>\System\CurrentControlSet\Services\GENERICDRV] 'ImagePath' = '%TEMP%\7ZipSfx.000\amifldrv32.sys'
- [<HKLM>\System\CurrentControlSet\Services\iscFlash] 'ImagePath' = '%TEMP%\7ZipSfx.000\iscflash.sys'
- [<HKLM>\System\CurrentControlSet\Services\pmxdrv] 'ImagePath' = '<DRIVERS>\pmxdrv.sys'
- %TEMP%\7zipsfx.000\go.bat
- %TEMP%\7zipsfx.000\10.0.30.1054\pmxdll.dll
- %TEMP%\7zipsfx.000\2.0.0.2056\pmxdll.dll
- %TEMP%\7zipsfx.000\amifldrv32.sys
- %TEMP%\7zipsfx.000\amifldrv64.sys
- %TEMP%\7zipsfx.000\iscflash.sys
- %TEMP%\7zipsfx.000\iscflashx64.sys
- %TEMP%\7zipsfx.000\info.txt
- nul
- <DRIVERS>\rwdrv.sys
- %TEMP%\7zipsfx.000\acpitbls.bin
- %TEMP%\7zipsfx.000\config.dms
- %TEMP%\7zipsfx.000\8.1.51.1476\pmxdll.dll
- %TEMP%\7zipsfx.000\9.1.10.1000\pmxdll.dll
- %TEMP%\7zipsfx.000\nvram.txt
- %TEMP%\7zipsfx.000\2.0.0.2056\error.log
- %TEMP%\7zipsfx.000\read-error_2.0.0.2056.png
- %TEMP%\7zipsfx.000\8.1.51.1476\error.log
- %TEMP%\7zipsfx.000\read-error_8.1.51.1476.png
- %TEMP%\7zipsfx.000\9.1.10.1000\error.log
- %TEMP%\7zipsfx.000\read-error_9.1.10.1000.png
- %TEMP%\7zipsfx.000\10.0.30.1054\error.log
- %TEMP%\7zipsfx.000\read-error_10.0.30.1054.png
- %TEMP%\ginstall.dll
- %TEMP%\7zipsfx.000\hidcon.exe
- %TEMP%\7zipsfx.000\rarreg
- %TEMP%\7zipsfx.000\14.00.67_info.png
- <DRIVERS>\pmxdrv.sys
- %TEMP%\7zipsfx.000\iscflashx64.dll
- %TEMP%\7zipsfx.000\iscflash.dll
- %TEMP%\7zipsfx.000\2.0.0.2056\idrvdll.dll
- %TEMP%\7zipsfx.000\2.0.0.2056\read.bat
- %TEMP%\7zipsfx.000\8.1.51.1476\read.bat
- %TEMP%\7zipsfx.000\9.1.10.1000\read.bat
- %TEMP%\7zipsfx.000\9.1.10.1000\fparts.txt
- %TEMP%\7zipsfx.000\8.1.51.1476\fparts.txt
- %TEMP%\7zipsfx.000\10.0.30.1054\fparts.txt
- %TEMP%\7zipsfx.000\2.0.0.2056\fparts.txt
- %TEMP%\7zipsfx.000\afuwin4x32.exe
- %TEMP%\7zipsfx.000\afuwin4x64.exe
- %TEMP%\7zipsfx.000\afuwin5x32.exe
- %TEMP%\7zipsfx.000\afuwin5x64.exe
- %TEMP%\7zipsfx.000\amide.exe
- %TEMP%\7zipsfx.000\10.0.30.1054\read.bat
- %TEMP%\7zipsfx.000\fin.exe
- %TEMP%\7zipsfx.000\9.1.10.1000\fptw.exe
- %TEMP%\7zipsfx.000\10.0.30.1054\fptw.exe
- %TEMP%\7zipsfx.000\2.0.0.2056\fptw.exe
- %TEMP%\7zipsfx.000\h2offt-wx32.exe
- %TEMP%\7zipsfx.000\h2offt-wx64.exe
- %TEMP%\7zipsfx.000\ma.exe
- %TEMP%\7zipsfx.000\rw.exe
- %TEMP%\7zipsfx.000\sce.exe
- %TEMP%\7zipsfx.000\skhot.exe
- %TEMP%\7zipsfx.000\8.1.51.1476\idrvdll.dll
- %TEMP%\7zipsfx.000\9.1.10.1000\idrvdll.dll
- %TEMP%\7zipsfx.000\10.0.30.1054\idrvdll.dll
- %TEMP%\7zipsfx.000\8.1.51.1476\fptw.exe
- %TEMP%\7zipsfx.000\ra.exe
- %TEMP%\7zipsfx.000\result.rar
- <DRIVERS>\rwdrv.sys
- %TEMP%\7zipsfx.000\hidcon.exe
- %TEMP%\7zipsfx.000\ra.exe
- %TEMP%\7zipsfx.000\info.txt
- %TEMP%\7zipsfx.000\nvram.txt
- %TEMP%\7zipsfx.000\acpitbls.bin
- %TEMP%\7zipsfx.000\14.00.67_info.png
- %TEMP%\7zipsfx.000\read-error_10.0.30.1054.png
- %TEMP%\7zipsfx.000\read-error_2.0.0.2056.png
- %TEMP%\7zipsfx.000\read-error_8.1.51.1476.png
- %TEMP%\7zipsfx.000\read-error_9.1.10.1000.png
- %TEMP%\7zipsfx.000\config.dms
- %TEMP%\7zipsfx.000\read-error_10.0.30.1054.log
- %TEMP%\7zipsfx.000\read-error_2.0.0.2056.log
- %TEMP%\7zipsfx.000\read-error_8.1.51.1476.log
- %TEMP%\7zipsfx.000\read-error_9.1.10.1000.log
- %TEMP%\7zipsfx.000\rarreg
- %TEMP%\ginstall.dll
- from %TEMP%\7zipsfx.000\2.0.0.2056\error.log to %TEMP%\7zipsfx.000\read-error_2.0.0.2056.log
- from %TEMP%\7zipsfx.000\8.1.51.1476\error.log to %TEMP%\7zipsfx.000\read-error_8.1.51.1476.log
- from %TEMP%\7zipsfx.000\9.1.10.1000\error.log to %TEMP%\7zipsfx.000\read-error_9.1.10.1000.log
- from %TEMP%\7zipsfx.000\10.0.30.1054\error.log to %TEMP%\7zipsfx.000\read-error_10.0.30.1054.log
- from %TEMP%\7zipsfx.000\result.rar to %TEMP%\7zipsfx.000\p8h77-v le_result.rar
- from %TEMP%\7zipsfx.000\p8h77-v le_result.rar to %HOMEPATH%\desktop\p8h77-v le_result.rar
- '%TEMP%\7zipsfx.000\ma.exe'
- '%TEMP%\7zipsfx.000\fin.exe'
- '%TEMP%\7zipsfx.000\skhot.exe' /capture=2 /convert=read-ERROR_10.0.30.1054.png
- '%TEMP%\7zipsfx.000\10.0.30.1054\fptw.exe' -i
- '%TEMP%\7zipsfx.000\10.0.30.1054\fptw.exe' -ver
- '%TEMP%\7zipsfx.000\skhot.exe' /capture=2 /convert=read-ERROR_9.1.10.1000.png
- '%TEMP%\7zipsfx.000\9.1.10.1000\fptw.exe' -i
- '%TEMP%\7zipsfx.000\9.1.10.1000\fptw.exe' -ver
- '%TEMP%\7zipsfx.000\skhot.exe' /capture=2 /convert=read-ERROR_8.1.51.1476.png
- '%TEMP%\7zipsfx.000\8.1.51.1476\fptw.exe' -i
- '%TEMP%\7zipsfx.000\hidcon.exe' Ra.exe m -oi:1000000 -ma5 -md32m result.rar -k -sm0 -hp"YZp3PrVsF4eje9o4B1iTOS5RXXP" *result.rar *.txt *.bin *.png *.dms *.log 9*.db ACPITBLS.BIN.BAK
- '%TEMP%\7zipsfx.000\8.1.51.1476\fptw.exe' -ver
- '%TEMP%\7zipsfx.000\2.0.0.2056\fptw.exe' -i
- '%TEMP%\7zipsfx.000\2.0.0.2056\fptw.exe' -ver
- '%TEMP%\7zipsfx.000\skhot.exe' /capture=2 /convert=14.00.67_info.png
- '%TEMP%\7zipsfx.000\h2offt-wx32.exe' x32_insydebak.bin -g
- '%TEMP%\7zipsfx.000\afuwin4x32.exe' x32_afubak4.bin /O
- '%TEMP%\7zipsfx.000\afuwin5x32.exe' x32_afubak5.bin /O
- '%TEMP%\7zipsfx.000\sce.exe' /o /s nvram.txt /D
- '%TEMP%\7zipsfx.000\amide.exe' /dms
- '%TEMP%\7zipsfx.000\rw.exe' /command=">save acpitbls.bin acpi" /stdout
- '%TEMP%\7zipsfx.000\skhot.exe' /capture=2 /convert=read-ERROR_2.0.0.2056.png
- '%TEMP%\7zipsfx.000\ra.exe' m -oi:1000000 -ma5 -md32m result.rar -k -sm0 -hp"YZp3PrVsF4eje9o4B1iTOS5RXXP" *result.rar *.txt *.bin *.png *.dms *.log 9*.db ACPITBLS.BIN.BAK
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\7ZipSfx.000\go.bat" "
- '<SYSTEM32>\chcp.com' 1251
- '<SYSTEM32>\cmd.exe' /c reg query "hklm\software\classes\clsid\{00021400-0000-0000-c000-000000000046}" /ve
- '<SYSTEM32>\reg.exe' query "hklm\software\classes\clsid\{00021400-0000-0000-c000-000000000046}" /ve
- '<SYSTEM32>\chcp.com' 866
- '<SYSTEM32>\cmd.exe' /c fptw -ver