Technical Information
- '%TEMP%\DPInst64.exe.exe'
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\csc.exe' /noconfig /fullpaths @"%TEMP%\3mym1zdh.cmdline"
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\csc.exe' /noconfig /fullpaths @"%TEMP%\e55x5bxs.cmdline"
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\csc.exe' /noconfig /fullpaths @"%TEMP%\aia3t3ov.cmdline"
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESA.tmp" "%TEMP%\CSC9.tmp"
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\csc.exe' /noconfig /fullpaths @"%TEMP%\jccq23ba.cmdline"
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\csc.exe' /noconfig /fullpaths @"%TEMP%\xf4nwrqw.cmdline"
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESC.tmp" "%TEMP%\CSCB.tmp"
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESE.tmp" "%TEMP%\CSCD.tmp"
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\csc.exe' /noconfig /fullpaths @"%TEMP%\11yzbyks.cmdline"
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\csc.exe' /noconfig /fullpaths @"%TEMP%\ajlydyqe.cmdline"
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\csc.exe' /noconfig /fullpaths @"%TEMP%\o3ajjxk2.cmdline"
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES2.tmp" "%TEMP%\CSC1.tmp"
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\csc.exe' /noconfig /fullpaths @"%TEMP%\ospl10sh.cmdline"
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES8.tmp" "%TEMP%\CSC7.tmp"
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES4.tmp" "%TEMP%\CSC3.tmp"
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES6.tmp" "%TEMP%\CSC5.tmp"
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
- %TEMP%\e55x5bxs.0.cs
- %TEMP%\3mym1zdh.out
- %TEMP%\3mym1zdh.cmdline
- %TEMP%\CSCB.tmp
- %TEMP%\e55x5bxs.out
- %TEMP%\e55x5bxs.cmdline
- %TEMP%\ospl10sh.dll
- %TEMP%\CSC9.tmp
- %TEMP%\RES8.tmp
- %TEMP%\aia3t3ov.dll
- %TEMP%\3mym1zdh.0.cs
- %TEMP%\RESA.tmp
- %TEMP%\RESC.tmp
- %TEMP%\35F67.dmp
- %TEMP%\dw.log
- %TEMP%\jccq23ba.out
- %TEMP%\xf4nwrqw.out
- %TEMP%\xf4nwrqw.cmdline
- %TEMP%\xf4nwrqw.0.cs
- %TEMP%\RESE.tmp
- %TEMP%\3mym1zdh.dll
- %TEMP%\CSCD.tmp
- %TEMP%\jccq23ba.cmdline
- %TEMP%\jccq23ba.0.cs
- %TEMP%\e55x5bxs.dll
- %TEMP%\aia3t3ov.out
- %TEMP%\11yzbyks.cmdline
- %TEMP%\11yzbyks.0.cs
- %TEMP%\o3ajjxk2.dll
- %TEMP%\ajlydyqe.cmdline
- %TEMP%\ajlydyqe.0.cs
- %TEMP%\11yzbyks.out
- %TEMP%\o3ajjxk2.cmdline
- %TEMP%\o3ajjxk2.0.cs
- %TEMP%\DPInst64.exe.exe
- %TEMP%\RES2.tmp
- %TEMP%\CSC1.tmp
- %TEMP%\o3ajjxk2.out
- %TEMP%\ajlydyqe.out
- %TEMP%\ospl10sh.out
- %TEMP%\11yzbyks.dll
- %TEMP%\ospl10sh.cmdline
- %TEMP%\aia3t3ov.cmdline
- %TEMP%\aia3t3ov.0.cs
- %TEMP%\CSC7.tmp
- %TEMP%\RES6.tmp
- %TEMP%\CSC5.tmp
- %TEMP%\CSC3.tmp
- %TEMP%\ospl10sh.0.cs
- %TEMP%\ajlydyqe.dll
- %TEMP%\RES4.tmp
- %TEMP%\RESE.tmp
- %TEMP%\CSCB.tmp
- %TEMP%\RESC.tmp
- %TEMP%\3mym1zdh.0.cs
- %TEMP%\3mym1zdh.out
- %TEMP%\CSCD.tmp
- %TEMP%\aia3t3ov.out
- %TEMP%\CSC9.tmp
- %TEMP%\ospl10sh.cmdline
- %TEMP%\aia3t3ov.cmdline
- %TEMP%\aia3t3ov.0.cs
- %TEMP%\aia3t3ov.dll
- %TEMP%\jccq23ba.out
- %TEMP%\jccq23ba.0.cs
- %TEMP%\jccq23ba.cmdline
- %TEMP%\xf4nwrqw.out
- %TEMP%\xf4nwrqw.0.cs
- %TEMP%\xf4nwrqw.cmdline
- %TEMP%\e55x5bxs.0.cs
- %TEMP%\3mym1zdh.dll
- %TEMP%\3mym1zdh.cmdline
- %TEMP%\e55x5bxs.dll
- %TEMP%\e55x5bxs.cmdline
- %TEMP%\e55x5bxs.out
- %TEMP%\RES4.tmp
- %TEMP%\CSC5.tmp
- %TEMP%\RES6.tmp
- %TEMP%\ajlydyqe.0.cs
- %TEMP%\ajlydyqe.cmdline
- %TEMP%\CSC3.tmp
- %TEMP%\o3ajjxk2.cmdline
- %TEMP%\CSC1.tmp
- %TEMP%\RES2.tmp
- %TEMP%\o3ajjxk2.0.cs
- %TEMP%\o3ajjxk2.dll
- %TEMP%\o3ajjxk2.out
- %TEMP%\ospl10sh.0.cs
- %TEMP%\CSC7.tmp
- %TEMP%\RES8.tmp
- %TEMP%\ospl10sh.dll
- %TEMP%\ospl10sh.out
- %TEMP%\RESA.tmp
- %TEMP%\11yzbyks.0.cs
- %TEMP%\ajlydyqe.out
- %TEMP%\ajlydyqe.dll
- %TEMP%\11yzbyks.cmdline
- %TEMP%\11yzbyks.out
- %TEMP%\11yzbyks.dll
- 'sk#######tdns.3utilities.com':80
- 'wp#d':80
- 'localhost':80
- sk#######tdns.3utilities.com/skynet/api.php?cl#################################################################################
- wp#d/wpad.dat
- 12#.0.0.1/skynet/api.php?cl#################################################################################
- DNS ASK sk#######tdns.3utilities.com
- DNS ASK wp#d
- ClassName: 'Shell_TrayWnd' WindowName: ''