Technical Information
- %HOMEPATH%\Start Menu\Programs\Startup\efiCDFJAKNJM.lnk
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe'
- '%APPDATA%\LDFA.exe' "%APPDATA%\FRWHW"
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
- %APPDATA%\LDFA.exe
- <Current directory>\FRWHW
- %APPDATA%\Update\Screenshots\01-25-2017\4.29 PM
- %APPDATA%\FRWHW
- <Current directory>\LDFA1
- %TEMP%\aut1.tmp
- %TEMP%\aut2.tmp
- <Current directory>\LDFA.exe
- %HOMEPATH%\pwLuT50CHuQXhQwl\LDFA.exe
- %HOMEPATH%\pwLuT50CHuQXhQwl\FRWHW
- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp
- from %APPDATA%\LDFA.exe to %HOMEPATH%\pwLuT50CHuQXhQwl\LDFA.exe
- from %APPDATA%\FRWHW to %HOMEPATH%\pwLuT50CHuQXhQwl\FRWHW
- '15#.#6.201.91':2980