Technical Information
- %WINDIR%\win.ini
- %APPDATA%\microsoft\windows\start menu\programs\startup\bit3ca9.tmp
- %WINDIR%\tasks\dpapimig.job
- <SYSTEM32>\tasks\dpapimig
- %WINDIR%\syswow64\cmd.exe
- %TEMP%\nscb057.tmp
- %TEMP%\dvvccrt.hxc
- %TEMP%\x-ipynb+json.xml
- %TEMP%\rhodochrosite
- %TEMP%\bacteriologist.exe
- %TEMP%\crumpstratocrat.dll
- %APPDATA%\adobe\linguistics\bit33a0.tmp
- %TEMP%\2abb815a.lnk
- %APPDATA%\remcos\logs.dat
- %APPDATA%\adobe\linguistics\bit33a0.tmp
- %APPDATA%\microsoft\windows\start menu\programs\startup\bit3ca9.tmp
- from %APPDATA%\adobe\linguistics\bit33a0.tmp to %APPDATA%\adobe\linguistics\dpapimig.exe
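- 'ko#######nt202020.duckdns.org':1419 (host:port; '#' is not a valid hostname character, so the '#' run appears to be a redaction in the published indicator. Treat the name as partial and do not use it as an exact-match value.)
- DNS query (ASK) for ko#######nt202020.duckdns.org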
- '%TEMP%\bacteriologist.exe'
- '%WINDIR%\syswow64\cmd.exe'