Technical Information
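- %APPDATA%\microsoft\windows\start menu\programs\startup\bitb174.tmp (per-user Startup folder, an autostart location)
- %WINDIR%\tasks\expand.job (Task Scheduler job file)
- <SYSTEM32>\tasks\expand (Task Scheduler task file)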
- %WINDIR%\syswow64\cmd.exe
- %TEMP%\nsm4a1b.tmp
- %APPDATA%\adobe\bita811.tmp
- %TEMP%\spousaldelineator.dll
- %TEMP%\neighbour
- %APPDATA%\interviews\verwaltung\sendfriend\01-input-sources.xml
- %APPDATA%\interviews\verwaltung\sendfriend\contactleads.xml
- %APPDATA%\interviews\verwaltung\sendfriend\sbsmscorsec.dll
- %APPDATA%\interviews\verwaltung\sendfriend\vnd.lotus-wordpro.xml
- %APPDATA%\interviews\verwaltung\sendfriend\vcompd.dll
- %APPDATA%\interviews\verwaltung\sendfriend\msddsui.dll
- %APPDATA%\interviews\verwaltung\sendfriend\mount-point.xml
- %APPDATA%\interviews\verwaltung\sendfriend\x-dbf.xml
- %APPDATA%\vendor\microsoftvisualbasicvsa.xml
- %APPDATA%\vendor\fdl-appendix.xml
- %APPDATA%\vendor\microsoftvisualstudioui.dll
- %APPDATA%\vendor\13.opends60.dll
- %TEMP%\bd485a07.lnk
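- %APPDATA%\remcos\logs.dat (folder and file name match the default log path of the Remcos remote-access tool; a family hint, not a confirmation)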
- %APPDATA%\adobe\bita811.tmp
- %APPDATA%\microsoft\windows\start menu\programs\startup\bitb174.tmp
- File moved/renamed: from %APPDATA%\adobe\bita811.tmp to %APPDATA%\adobe\expand.exe (the .tmp file listed above ends up with an .exe extension)
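- Network endpoint (host:port): 'ci######arem.duckdns.org':1013 (a duckdns.org dynamic-DNS name; the # characters mask part of the hostname in this report, so the value cannot be used as an exact-match indicator as printed)
- DNS query (ASK): ci######arem.duckdns.org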
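- Command line: '%WINDIR%\syswow64\rundll32.exe' SpousalDelineator,Bullhead (rundll32 takes <DLL>,<export>: here the export Bullhead of SpousalDelineator; compare %TEMP%\spousaldelineator.dll listed above)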
- '%WINDIR%\syswow64\cmd.exe'