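Technical Information
Note: the sub-headings that grouped the entries below (for example, which items were executed, created, modified or deleted) are not present in this excerpt, so the role of each entry is not stated and repeated paths probably belong to different groups. The binaries under <SYSTEM32> and the .NET Framework directory (schtasks.exe, cmd.exe, RegAsm.exe) are standard Windows components, so their presence on disk is not an indicator by itself; what matters for them is the invocation context shown here. The files under %HOMEPATH%\Templates, %ALLUSERSPROFILE%\Application Data and %TEMP%, and the scheduled-task name "Update\Update", appear to be the entries specific to this sample.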
- '%HOMEPATH%\Templates\system.exe'
- '%ALLUSERSPROFILE%\Application Data\tcmd910x32_64.exe'
- '%ALLUSERSPROFILE%\Application Data\system.exe'
- '<SYSTEM32>\schtasks.exe' /Delete /TN "Update\Update" /F
- '<SYSTEM32>\cmd.exe'
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe'
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
- [<HKLM>\SOFTWARE\Ghisler\Total Commander]
- [<HKCU>\SOFTWARE\Ghisler\Windows Commander]
- [<HKCU>\SOFTWARE\Ghisler\Total Commander]
- %TEMP%\Update.txt
- %TEMP%\1950346865.xml
- %TEMP%\1496072389.xml
- %ALLUSERSPROFILE%\Application Data\system.exe
- %ALLUSERSPROFILE%\Application Data\tcmd910x32_64.exe
- %HOMEPATH%\Templates\system.exe
- %HOMEPATH%\Templates\system.exe