Technical Information
Executes the following command lines:
- '%TEMP%\_ir_sf_temp_0\irsetup.exe' __IRAOFF:1746178 "__IRAFN:<Full path to virus>" "__IRCT:3" "__IRTSS:0" "__IRSID:S-1-5-21-2052111302-484763869-725345543-1003"
- '<SYSTEM32>\tasklist.exe' /nh /fi "imagename eq praxishotbackup.exe"
- '<SYSTEM32>\taskkill.exe' /F /IM pp.exe
- '<SYSTEM32>\schtasks.exe' /Query /FO CSV
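Searches for the following windows (the titles and class names include those of Process Monitor, Registry Monitor, File Monitor and OllyDbg, i.e. monitoring and debugging utilities):
- ClassName: '' WindowName: 'Process Monitor - Sysinternals: www.sysinternals.com'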
- ClassName: 'PROCMON_WINDOW_CLASS' WindowName: ''
- ClassName: '' WindowName: 'Registry Monitor - Sysinternals: www.sysinternals.com'
- ClassName: 'RegmonClass' WindowName: ''
- ClassName: '' WindowName: 'File Monitor - Sysinternals: www.sysinternals.com'
- ClassName: 'GBDYLLO' WindowName: ''
- ClassName: 'OLLYDBG' WindowName: ''
- ClassName: 'FilemonClass' WindowName: ''
- ClassName: 'pediy06' WindowName: ''
- %TEMP%\_ir_sf_temp_0\ts_525_constraints_create_894.sql
- %TEMP%\_ir_sf_temp_0\ts_525_constraints_extra.sql
- %TEMP%\_ir_sf_temp_0\ts_525_indexes_analyze.sql
- %TEMP%\_ir_sf_temp_0\ts_525_constraints_count_894.sql
- %TEMP%\_ir_sf_temp_0\ts_tuning_change.sql
- %TEMP%\_ir_sf_temp_0\ts_10_change.sql
- %TEMP%\_ir_sf_temp_0\ts_oracle_security.sql
- %TEMP%\_ir_sf_temp_0\ts_525_indexes_count_968.sql
- %TEMP%\_ir_sf_temp_0\ts_525_tables_create_337.sql
- %TEMP%\_ir_sf_temp_0\ts_525_tables_extra.sql
- %TEMP%\_ir_sf_temp_0\ts_525_views_count_65.sql
- %TEMP%\_ir_sf_temp_0\ts_525_tables_count_338.sql
- %TEMP%\_ir_sf_temp_0\ts_525_indexes_create_968.sql
- %TEMP%\_ir_sf_temp_0\ts_525_indexes_extra.sql
- %TEMP%\_ir_sf_temp_0\ts_525_tables_analyze.sql
- %TEMP%\_ir_sf_temp_0\ts_523_indexes_count_968.sql
- %TEMP%\_ir_sf_temp_0\ts_523_indexes_create_968.sql
- %TEMP%\_ir_sf_temp_0\ts_523_indexes_extra.sql
- %TEMP%\_ir_sf_temp_0\ts_523_indexes_analyze.sql
- %TEMP%\_ir_sf_temp_0\ts_523_views_count_65.sql
- %TEMP%\_ir_sf_temp_0\ts_523_views_create_65.sql
- %TEMP%\_ir_sf_temp_0\ts_523_views_extra.sql
- %TEMP%\_ir_sf_temp_0\ts_523_constraints_count_879.sql
- %TEMP%\_ir_sf_temp_0\ts_debug_03_history.sql
- %TEMP%\_ir_sf_temp_0\ts_debug_04_days.sql
- %TEMP%\_ir_sf_temp_0\ts_tuning_check.sql
- %TEMP%\_ir_sf_temp_0\ts_debug_02_status.sql
- %TEMP%\_ir_sf_temp_0\ts_523_constraints_create_879.sql
- %TEMP%\_ir_sf_temp_0\ts_523_constraints_extra.sql
- %TEMP%\_ir_sf_temp_0\ts_pending.sql
- %TEMP%\_ir_sf_temp_0\ts_view_encounter_09082014.sql
- %TEMP%\_ir_sf_temp_0\Wow64.lmd
- %TEMP%\_ir_sf_temp_0\FTP.lmd
- %TEMP%\_ir_sf_temp_0\ts_526_indexes_count_prescription_8.sql
- %TEMP%\_ir_sf_temp_0\ts_526_indexes_extra.sql
- %TEMP%\_ir_sf_temp_0\ts_526_indexes_create_970.sql
- %TEMP%\_ir_sf_temp_0\ts_526_indexes_count_970.sql
- %TEMP%\_ir_sf_temp_0\ODBC.lmd
- C:\PTS\TaskScheduler\Task Scheduler - Logs.txt
- C:\PTS\Task Scheduler - Error.txt
- C:\PTS\Task Scheduler - 1.491.txt
- C:\PTS\Task Scheduler - Is running.txt
- %ALLUSERSPROFILE%\Application Data\ruupcemf.ifs
- %TEMP%\tasks.txt
- %TEMP%\_ir_sf_temp_0\ts_526_tables_create_339.sql
- %TEMP%\_ir_sf_temp_0\ts_526_tables_analyze.sql
- %TEMP%\_ir_sf_temp_0\ts_526_tables_count_340.sql
- %TEMP%\_ir_sf_temp_0\ts_debug_06_indexes.sql
- %TEMP%\_ir_sf_temp_0\ts_525_views_create_65.sql
- %TEMP%\_ir_sf_temp_0\ts_525_views_extra.sql
- %TEMP%\_ir_sf_temp_0\ts_debug_05_clob.sql
- %TEMP%\_ir_sf_temp_0\ts_526_tables_extra.sql
- %TEMP%\_ir_sf_temp_0\ts_526_constraints_count_883.sql
- %TEMP%\_ir_sf_temp_0\ts_526_constraints_extra.sql
- %TEMP%\_ir_sf_temp_0\ts_526_indexes_analyze.sql
- %TEMP%\_ir_sf_temp_0\ts_526_constraints_create_883.sql
- %TEMP%\_ir_sf_temp_0\ts_526_views_create_65.sql
- %TEMP%\_ir_sf_temp_0\ts_526_views_count_65.sql
- %TEMP%\_ir_sf_temp_0\ts_526_views_extra.sql
- %TEMP%\_ir_sf_temp_0\ts_Prx3Usr_connection.sql
- %TEMP%\_ir_sf_temp_0\ts_interfaces_active.sql
- %TEMP%\_ir_sf_temp_0\ts_interfaces_inactive.sql
- %TEMP%\_ir_sf_temp_0\ts_interfaces_start.sql
- %TEMP%\_ir_sf_temp_0\ts_debug_01_ora38029.sql
- %TEMP%\_ir_sf_temp_0\ts_spi.sql
- %TEMP%\_ir_sf_temp_0\ts_interfaces_stop.sql
- %TEMP%\_ir_sf_temp_0\ts_interfaces_inactive_temp.sql
- %TEMP%\_ir_sf_temp_0\ts_view_materialized.sql
- %TEMP%\_ir_sf_temp_0\ts_524_tables_analyze.sql
- %TEMP%\_ir_sf_temp_0\ts_524_tables_count_338.sql
- %TEMP%\_ir_sf_temp_0\ts_trace_PPTMS_oracle.sql
- %TEMP%\_ir_sf_temp_0\ts_interfaces_activated.sql
- %TEMP%\_ir_sf_temp_0\ts_PPTMS_connection_1.sql
- %TEMP%\_ir_sf_temp_0\ts_PPTMS_connection_2.sql
- %TEMP%\_ir_sf_temp_0\IRIMG2.JPG
- %TEMP%\_ir_sf_temp_0\IRIMG3.JPG
- %TEMP%\_ir_sf_temp_0\Prx_Onsite_Update_2_1.ico
- %TEMP%\_ir_sf_temp_0\IRIMG1.JPG
- %TEMP%\_ir_sf_temp_0\irsetup.exe
- %TEMP%\_ir_sf_temp_0\lua5.1.dll
- %TEMP%\_ir_sf_temp_0\irsetup.dat
- %TEMP%\_ir_sf_temp_0\pts_instance_status.sql
- %TEMP%\_ir_sf_temp_0\ts_tuning_automatic_1.sql
- %TEMP%\_ir_sf_temp_0\ts_tuning_automatic_2.sql
- %TEMP%\_ir_sf_temp_0\ts_tuning_automatic_3.sql
- %TEMP%\_ir_sf_temp_0\PHARMACIES DOWNLOAD DIRECTORY - V4.4 - SpecialtyType.int
- %TEMP%\_ir_sf_temp_0\pts_oracle_version.sql
- %TEMP%\_ir_sf_temp_0\pts_praxis_version.sql
- %TEMP%\_ir_sf_temp_0\PRESCRIPTIONS CONFIGURATION.int
- %TEMP%\_ir_sf_temp_0\ts_521_indexes_analyze.sql
- %TEMP%\_ir_sf_temp_0\ts_521_indexes_count_949.sql
- %TEMP%\_ir_sf_temp_0\ts_521_indexes_create_949.sql
- %TEMP%\_ir_sf_temp_0\ts_521_views_extra.sql
- %TEMP%\_ir_sf_temp_0\ts_521_tables_extra.sql
- %TEMP%\_ir_sf_temp_0\ts_521_views_count_63.sql
- %TEMP%\_ir_sf_temp_0\ts_521_views_create_63.sql
- %TEMP%\_ir_sf_temp_0\ts_521_indexes_extra.sql
- %TEMP%\_ir_sf_temp_0\ts_523_tables_count_338.sql
- %TEMP%\_ir_sf_temp_0\ts_523_tables_create_337.sql
- %TEMP%\_ir_sf_temp_0\ts_523_tables_extra.sql
- %TEMP%\_ir_sf_temp_0\ts_523_tables_analyze.sql
- %TEMP%\_ir_sf_temp_0\ts_521_constraints_count_871.sql
- %TEMP%\_ir_sf_temp_0\ts_521_constraints_create_871.sql
- %TEMP%\_ir_sf_temp_0\ts_521_constraints_extra.sql
- %TEMP%\_ir_sf_temp_0\ts_524_views_extra.sql
- %TEMP%\_ir_sf_temp_0\ts_524_indexes_analyze.sql
- %TEMP%\_ir_sf_temp_0\ts_524_indexes_count_968.sql
- %TEMP%\_ir_sf_temp_0\ts_524_views_create_65.sql
- %TEMP%\_ir_sf_temp_0\ts_524_tables_create_337.sql
- %TEMP%\_ir_sf_temp_0\ts_524_tables_extra.sql
- %TEMP%\_ir_sf_temp_0\ts_524_views_count_65.sql
- %TEMP%\_ir_sf_temp_0\ts_524_indexes_create_968.sql
- %TEMP%\_ir_sf_temp_0\ts_521_tables_analyze.sql
- %TEMP%\_ir_sf_temp_0\ts_521_tables_count_336.sql
- %TEMP%\_ir_sf_temp_0\ts_521_tables_create_335.sql
- %TEMP%\_ir_sf_temp_0\ts_524_constraints_extra.sql
- %TEMP%\_ir_sf_temp_0\ts_524_indexes_extra.sql
- %TEMP%\_ir_sf_temp_0\ts_524_constraints_count_879.sql
- %TEMP%\_ir_sf_temp_0\ts_524_constraints_create_879.sql
- %TEMP%\_ir_sf_temp_0\ts_10_change.sql
- %TEMP%\_ir_sf_temp_0\ts_oracle_security.sql
- %TEMP%\_ir_sf_temp_0\ts_525_constraints_count_894.sql
- %TEMP%\_ir_sf_temp_0\ts_tuning_change.sql
- %TEMP%\_ir_sf_temp_0\ts_debug_03_history.sql
- %TEMP%\_ir_sf_temp_0\ts_debug_04_days.sql
- %TEMP%\_ir_sf_temp_0\ts_tuning_check.sql
- %TEMP%\_ir_sf_temp_0\ts_525_indexes_create_968.sql
- %TEMP%\_ir_sf_temp_0\ts_525_indexes_extra.sql
- %TEMP%\_ir_sf_temp_0\ts_525_tables_analyze.sql
- %TEMP%\_ir_sf_temp_0\ts_525_indexes_count_968.sql
- %TEMP%\_ir_sf_temp_0\ts_525_constraints_create_894.sql
- %TEMP%\_ir_sf_temp_0\ts_525_constraints_extra.sql
- %TEMP%\_ir_sf_temp_0\ts_525_indexes_analyze.sql
- %TEMP%\_ir_sf_temp_0\ts_523_views_extra.sql
- %TEMP%\_ir_sf_temp_0\ts_523_indexes_analyze.sql
- %TEMP%\_ir_sf_temp_0\ts_523_indexes_count_968.sql
- %TEMP%\_ir_sf_temp_0\ts_523_views_create_65.sql
- %TEMP%\_ir_sf_temp_0\ts_523_tables_create_337.sql
- %TEMP%\_ir_sf_temp_0\ts_523_tables_extra.sql
- %TEMP%\_ir_sf_temp_0\ts_523_views_count_65.sql
- %TEMP%\_ir_sf_temp_0\ts_523_constraints_extra.sql
- %TEMP%\_ir_sf_temp_0\ts_pending.sql
- %TEMP%\_ir_sf_temp_0\ts_debug_02_status.sql
- %TEMP%\_ir_sf_temp_0\ts_523_constraints_create_879.sql
- %TEMP%\_ir_sf_temp_0\ts_523_indexes_create_968.sql
- %TEMP%\_ir_sf_temp_0\ts_523_indexes_extra.sql
- %TEMP%\_ir_sf_temp_0\ts_523_constraints_count_879.sql
- %TEMP%\_ir_sf_temp_0\ts_525_tables_count_338.sql
- %TEMP%\_ir_sf_temp_0\ts_526_indexes_extra.sql
- %TEMP%\_ir_sf_temp_0\ts_526_indexes_create_970.sql
- %TEMP%\_ir_sf_temp_0\ts_526_indexes_count_970.sql
- %TEMP%\_ir_sf_temp_0\ts_526_indexes_analyze.sql
- %TEMP%\_ir_sf_temp_0\ts_526_constraints_create_883.sql
- %TEMP%\_ir_sf_temp_0\ts_526_constraints_count_883.sql
- %TEMP%\_ir_sf_temp_0\ts_526_constraints_extra.sql
- %TEMP%\_ir_sf_temp_0\ODBC.lmd
- %TEMP%\_ir_sf_temp_0\irsetup.exe
- %TEMP%\_ir_sf_temp_0\lua5.1.dll
- %TEMP%\_ir_sf_temp_0\FTP.lmd
- %TEMP%\_ir_sf_temp_0\ts_526_indexes_count_prescription_8.sql
- %TEMP%\_ir_sf_temp_0\ts_view_encounter_09082014.sql
- %TEMP%\_ir_sf_temp_0\Wow64.lmd
- %TEMP%\_ir_sf_temp_0\ts_525_views_extra.sql
- %TEMP%\_ir_sf_temp_0\ts_debug_05_clob.sql
- %TEMP%\_ir_sf_temp_0\ts_debug_06_indexes.sql
- %TEMP%\_ir_sf_temp_0\ts_525_views_create_65.sql
- %TEMP%\_ir_sf_temp_0\ts_525_tables_create_337.sql
- %TEMP%\_ir_sf_temp_0\ts_525_tables_extra.sql
- %TEMP%\_ir_sf_temp_0\ts_525_views_count_65.sql
- %TEMP%\_ir_sf_temp_0\ts_526_views_create_65.sql
- %TEMP%\_ir_sf_temp_0\ts_526_views_count_65.sql
- %TEMP%\_ir_sf_temp_0\ts_526_views_extra.sql
- %TEMP%\_ir_sf_temp_0\ts_526_tables_extra.sql
- %TEMP%\_ir_sf_temp_0\ts_526_tables_create_339.sql
- %TEMP%\_ir_sf_temp_0\ts_526_tables_analyze.sql
- %TEMP%\_ir_sf_temp_0\ts_526_tables_count_340.sql
- %TEMP%\_ir_sf_temp_0\ts_523_tables_count_338.sql
- %TEMP%\_ir_sf_temp_0\ts_interfaces_start.sql
- %TEMP%\_ir_sf_temp_0\ts_Prx3Usr_connection.sql
- %TEMP%\_ir_sf_temp_0\ts_interfaces_active.sql
- %TEMP%\_ir_sf_temp_0\ts_interfaces_stop.sql
- %TEMP%\_ir_sf_temp_0\ts_tuning_automatic_3.sql
- %TEMP%\_ir_sf_temp_0\ts_debug_01_ora38029.sql
- %TEMP%\_ir_sf_temp_0\ts_spi.sql
- %TEMP%\_ir_sf_temp_0\ts_PPTMS_connection_2.sql
- %TEMP%\_ir_sf_temp_0\ts_trace_PPTMS_oracle.sql
- %TEMP%\_ir_sf_temp_0\ts_view_materialized.sql
- %TEMP%\_ir_sf_temp_0\ts_PPTMS_connection_1.sql
- %TEMP%\_ir_sf_temp_0\ts_interfaces_inactive.sql
- %TEMP%\_ir_sf_temp_0\ts_interfaces_inactive_temp.sql
- %TEMP%\_ir_sf_temp_0\ts_interfaces_activated.sql
- %TEMP%\_ir_sf_temp_0\IRIMG2.JPG
- %TEMP%\_ir_sf_temp_0\IRIMG3.JPG
- %TEMP%\_ir_sf_temp_0\Prx_Onsite_Update_2_1.ico
- %TEMP%\_ir_sf_temp_0\IRIMG1.JPG
- %TEMP%\_ir_sf_temp_0\irsetup.dat
- %TEMP%\tasks.txt
- C:\PTS\Task Scheduler - Is running.txt
- %TEMP%\_ir_sf_temp_0\PHARMACIES DOWNLOAD DIRECTORY - V4.4 - SpecialtyType.int
- %TEMP%\_ir_sf_temp_0\ts_tuning_automatic_1.sql
- %TEMP%\_ir_sf_temp_0\ts_tuning_automatic_2.sql
- %TEMP%\_ir_sf_temp_0\PRESCRIPTIONS CONFIGURATION.int
- %TEMP%\_ir_sf_temp_0\pts_instance_status.sql
- %TEMP%\_ir_sf_temp_0\pts_oracle_version.sql
- %TEMP%\_ir_sf_temp_0\pts_praxis_version.sql
- %TEMP%\_ir_sf_temp_0\ts_524_tables_analyze.sql
- %TEMP%\_ir_sf_temp_0\ts_521_views_create_63.sql
- %TEMP%\_ir_sf_temp_0\ts_521_views_extra.sql
- %TEMP%\_ir_sf_temp_0\ts_521_indexes_analyze.sql
- %TEMP%\_ir_sf_temp_0\ts_521_views_count_63.sql
- %TEMP%\_ir_sf_temp_0\ts_521_tables_count_336.sql
- %TEMP%\_ir_sf_temp_0\ts_521_tables_create_335.sql
- %TEMP%\_ir_sf_temp_0\ts_521_tables_extra.sql
- %TEMP%\_ir_sf_temp_0\ts_521_constraints_create_871.sql
- %TEMP%\_ir_sf_temp_0\ts_521_constraints_extra.sql
- %TEMP%\_ir_sf_temp_0\ts_523_tables_analyze.sql
- %TEMP%\_ir_sf_temp_0\ts_521_constraints_count_871.sql
- %TEMP%\_ir_sf_temp_0\ts_521_indexes_count_949.sql
- %TEMP%\_ir_sf_temp_0\ts_521_indexes_create_949.sql
- %TEMP%\_ir_sf_temp_0\ts_521_indexes_extra.sql
- %TEMP%\_ir_sf_temp_0\ts_524_views_create_65.sql
- %TEMP%\_ir_sf_temp_0\ts_524_views_extra.sql
- %TEMP%\_ir_sf_temp_0\ts_524_indexes_analyze.sql
- %TEMP%\_ir_sf_temp_0\ts_524_views_count_65.sql
- %TEMP%\_ir_sf_temp_0\ts_524_tables_count_338.sql
- %TEMP%\_ir_sf_temp_0\ts_524_tables_create_337.sql
- %TEMP%\_ir_sf_temp_0\ts_524_tables_extra.sql
- %TEMP%\_ir_sf_temp_0\ts_524_constraints_create_879.sql
- %TEMP%\_ir_sf_temp_0\ts_524_constraints_extra.sql
- %TEMP%\_ir_sf_temp_0\ts_521_tables_analyze.sql
- %TEMP%\_ir_sf_temp_0\ts_524_constraints_count_879.sql
- %TEMP%\_ir_sf_temp_0\ts_524_indexes_count_968.sql
- %TEMP%\_ir_sf_temp_0\ts_524_indexes_create_968.sql
- %TEMP%\_ir_sf_temp_0\ts_524_indexes_extra.sql
Searches for the following windows:
- ClassName: '' WindowName: ''
- ClassName: 'MS_WINHELP' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '18467-41' WindowName: ''