Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Output.exe' = '"<Full path to file>"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,<Full path to file>,'
- <Current directory>\%LOCALAPPDATA%\UserDataManagement\log352.txt
- <Current directory>\%LOCALAPPDATA%\UserDataManagement\app.manifest
- %TEMP%\tiqdpj3n.0.cs
- %TEMP%\tiqdpj3n.cmdline
- %TEMP%\tiqdpj3n.out
- %TEMP%\tiqdpj3n.cmdline
- %TEMP%\tiqdpj3n.0.cs
- %TEMP%\tiqdpj3n.out
- <Current directory>\%LOCALAPPDATA%\UserDataManagement\app.manifest
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\csc.exe' /noconfig /fullpaths @"%TEMP%\tiqdpj3n.cmdline"