Technical Information
- [<HKLM>\SYSTEM\CurrentControlSet\Services\TPqd640] 'ImagePath' = '%WINDIR%\Fonts\TPqd640.sys'
- 'TPqd640' %WINDIR%\Fonts\TPqd640.sys
- %WINDIR%\syswow64\cmd.exe
- %WINDIR%\fonts\tpqd640.sys
- %WINDIR%\temp\udd368a.tmp
- %WINDIR%\temp\udd368a.tmp
- ClassName: '' WindowName: 'cmd.exe'
- '%WINDIR%\syswow64\cmd.exe' ' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe'