Technical Information
- '%WINDIR%\syswow64\taskkill.exe' /im wotsuper1.exe /f
- firefox.exe
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook]
- [<HKCU>\Software\Martin Prikryl\WinSCP 2\Sessions\]
- %LOCALAPPDATA%\google\chrome\user data\default\web data
- %APPDATA%\opera software\opera stable\login data
- %TEMP%\$inst\2.tmp
- %TEMP%\babbaadd\api-ms-win-crt-utility-l1-1-0.dll
- %TEMP%\babbaadd\api-ms-win-crt-time-l1-1-0.dll
- %TEMP%\babbaadd\api-ms-win-crt-string-l1-1-0.dll
- %TEMP%\babbaadd\api-ms-win-crt-stdio-l1-1-0.dll
- %TEMP%\babbaadd\api-ms-win-crt-runtime-l1-1-0.dll
- %TEMP%\babbaadd\api-ms-win-crt-process-l1-1-0.dll
- %TEMP%\babbaadd\api-ms-win-crt-private-l1-1-0.dll
- %TEMP%\babbaadd\api-ms-win-crt-multibyte-l1-1-0.dll
- %TEMP%\babbaadd\api-ms-win-crt-math-l1-1-0.dll
- %TEMP%\babbaadd\api-ms-win-crt-locale-l1-1-0.dll
- %TEMP%\babbaadd\api-ms-win-crt-heap-l1-1-0.dll
- %TEMP%\babbaadd\api-ms-win-crt-filesystem-l1-1-0.dll
- %TEMP%\babbaadd\api-ms-win-crt-environment-l1-1-0.dll
- %TEMP%\babbaadd\api-ms-win-crt-convert-l1-1-0.dll
- %TEMP%\babbaadd\api-ms-win-crt-conio-l1-1-0.dll
- %TEMP%\babbaadd\api-ms-win-core-util-l1-1-0.dll
- %TEMP%\babbaadd\api-ms-win-core-timezone-l1-1-0.dll
- %TEMP%\babbaadd\api-ms-win-core-sysinfo-l1-1-0.dll
- %TEMP%\babbaadd\api-ms-win-core-synch-l1-2-0.dll
- %TEMP%\babbaadd\freebl3.dll
- %TEMP%\babbaadd\msvcp140.dll
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\metadata\f0accf77cdcbff39f6191887f6d2d357
- %TEMP%\babbaadd\nss3.dll
- %PROGRAMDATA%\9luhxi6xzd937e29ea8qi04v2\nl_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee7606149814.zip
- %PROGRAMDATA%\9luhxi6xzd937e29ea8qi04v2\files\files\default.zip
- %PROGRAMDATA%\9luhxi6xzd937e29ea8qi04v2\files\information.txt
- %TEMP%\1095421447905110874703.tmp
- %TEMP%\1095421423584504536285.tmp
- %TEMP%\10954215555750547183746.tmp
- %TEMP%\10954062009862097935517.tmp
- %TEMP%\10954067763878782326337.tmp
- %TEMP%\1095359392366083617425.tmp-shm
- %TEMP%\1095359392366083617425.tmp
- %TEMP%\1095296419783272657856.tmp
- %TEMP%\10952817534201463299649.tmp
- %PROGRAMDATA%\9luhxi6xzd937e29ea8qi04v2\files\cookie_list.txt
- %TEMP%\10951875524116813104061.tmp
- %TEMP%\10951253630410248598019.tmp
- %TEMP%\babbaadd\vcruntime140.dll
- %TEMP%\babbaadd\ucrtbase.dll
- %TEMP%\babbaadd\softokn3.dll
- %TEMP%\babbaadd\nssdbm3.dll
- %TEMP%\babbaadd\api-ms-win-core-synch-l1-1-0.dll
- %TEMP%\babbaadd\mozglue.dll
- %TEMP%\babbaadd\api-ms-win-core-string-l1-1-0.dll
- %PROGRAMDATA%\9luhxi6xzd937e29ea8qi04v2\wd
- %PROGRAMDATA%\9luhxi6xzd937e29ea8qi04v2\ld
- %PROGRAMDATA%\9luhxi6xzd937e29ea8qi04v2\files\history\history_mozilla firefox_gn7ryp3k.default.txt
- %PROGRAMDATA%\9luhxi6xzd937e29ea8qi04v2\history-shm
- %PROGRAMDATA%\9luhxi6xzd937e29ea8qi04v2\history
- %PROGRAMDATA%\9luhxi6xzd937e29ea8qi04v2\files\cookies\cookies_mozilla firefox_gn7ryp3k.default.txt
- %PROGRAMDATA%\9luhxi6xzd937e29ea8qi04v2\c-shm
- %PROGRAMDATA%\9luhxi6xzd937e29ea8qi04v2\c
- %PROGRAMDATA%\vcruntime140.dll
- %PROGRAMDATA%\softokn3.dll
- %PROGRAMDATA%\nss3.dll
- %PROGRAMDATA%\msvcp140.dll
- %PROGRAMDATA%\mozglue.dll
- %PROGRAMDATA%\freebl3.dll
- %ProgramFiles(x86)%\wotsuper\wotsuper\uninstall.ini
- %ProgramFiles(x86)%\wotsuper\wotsuper\uninstall.exe
- %WINDIR%\wotsuper.reg
- %ProgramFiles(x86)%\wotsuper\wotsuper\wotsuper1.exe
- %ProgramFiles(x86)%\wotsuper\wotsuper\wotsuper.exe
- %TEMP%\$inst\temp_0.tmp
- %PROGRAMDATA%\9luhxi6xzd937e29ea8qi04v2\historych
- %PROGRAMDATA%\microsoft\vault\ac658cb4-9126-49bd-b877-31eedab3f204\policy.vpol
- %TEMP%\babbaadd\api-ms-win-core-profile-l1-1-0.dll
- %PROGRAMDATA%\microsoft\vault\ac658cb4-9126-49bd-b877-31eedab3f204\3ccd5499-87a8-4b10-a215-608888dd3b55.vsch
- %TEMP%\babbaadd\api-ms-win-core-processthreads-l1-1-1.dll
- %TEMP%\babbaadd\api-ms-win-core-processthreads-l1-1-0.dll
- %TEMP%\babbaadd\api-ms-win-core-processenvironment-l1-1-0.dll
- %TEMP%\babbaadd\api-ms-win-core-namedpipe-l1-1-0.dll
- %TEMP%\babbaadd\api-ms-win-core-memory-l1-1-0.dll
- %TEMP%\babbaadd\api-ms-win-core-localization-l1-2-0.dll
- %TEMP%\babbaadd\api-ms-win-core-libraryloader-l1-1-0.dll
- %TEMP%\babbaadd\api-ms-win-core-interlocked-l1-1-0.dll
- %TEMP%\babbaadd\api-ms-win-core-heap-l1-1-0.dll
- %TEMP%\babbaadd\api-ms-win-core-handle-l1-1-0.dll
- %TEMP%\babbaadd\api-ms-win-core-file-l2-1-0.dll
- %TEMP%\babbaadd\api-ms-win-core-file-l1-2-0.dll
- %TEMP%\babbaadd\api-ms-win-core-file-l1-1-0.dll
- %TEMP%\babbaadd\api-ms-win-core-errorhandling-l1-1-0.dll
- %TEMP%\babbaadd\api-ms-win-core-debug-l1-1-0.dll
- %TEMP%\babbaadd\api-ms-win-core-datetime-l1-1-0.dll
- %TEMP%\babbaadd\api-ms-win-core-console-l1-1-0.dll
- %LOCALAPPDATA%\microsoft\vault\4bf4c442-9b8a-41a0-b380-dd4a704ddb28\policy.vpol
- %PROGRAMDATA%\microsoft\vault\ac658cb4-9126-49bd-b877-31eedab3f204\2f1a6504-0641-44cf-8bb5-3612d865f2e5.vsch
- %TEMP%\babbaadd\api-ms-win-core-rtlsupport-l1-1-0.dll
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\content\f0accf77cdcbff39f6191887f6d2d357
- %TEMP%\$inst\temp_0.tmp
- %TEMP%\babbaadd\api-ms-win-crt-heap-l1-1-0.dll
- %TEMP%\babbaadd\api-ms-win-crt-filesystem-l1-1-0.dll
- %TEMP%\babbaadd\api-ms-win-crt-environment-l1-1-0.dll
- %TEMP%\babbaadd\api-ms-win-crt-convert-l1-1-0.dll
- %TEMP%\babbaadd\api-ms-win-crt-conio-l1-1-0.dll
- %TEMP%\babbaadd\api-ms-win-core-util-l1-1-0.dll
- %TEMP%\babbaadd\api-ms-win-core-timezone-l1-1-0.dll
- %TEMP%\babbaadd\api-ms-win-core-sysinfo-l1-1-0.dll
- %TEMP%\babbaadd\api-ms-win-core-synch-l1-2-0.dll
- %TEMP%\babbaadd\api-ms-win-core-synch-l1-1-0.dll
- %TEMP%\babbaadd\api-ms-win-core-string-l1-1-0.dll
- %TEMP%\babbaadd\api-ms-win-core-rtlsupport-l1-1-0.dll
- %TEMP%\babbaadd\api-ms-win-core-profile-l1-1-0.dll
- %TEMP%\babbaadd\api-ms-win-core-processthreads-l1-1-1.dll
- %TEMP%\babbaadd\api-ms-win-core-processthreads-l1-1-0.dll
- %TEMP%\babbaadd\api-ms-win-core-namedpipe-l1-1-0.dll
- %TEMP%\babbaadd\api-ms-win-core-processenvironment-l1-1-0.dll
- %TEMP%\babbaadd\api-ms-win-crt-locale-l1-1-0.dll
- %TEMP%\babbaadd\api-ms-win-crt-math-l1-1-0.dll
- %TEMP%\babbaadd\vcruntime140.dll
- %TEMP%\babbaadd\ucrtbase.dll
- %TEMP%\babbaadd\softokn3.dll
- %TEMP%\babbaadd\nssdbm3.dll
- %TEMP%\babbaadd\nss3.dll
- %TEMP%\babbaadd\msvcp140.dll
- %TEMP%\babbaadd\mozglue.dll
- %TEMP%\babbaadd\api-ms-win-crt-utility-l1-1-0.dll
- %TEMP%\babbaadd\api-ms-win-core-datetime-l1-1-0.dll
- %TEMP%\babbaadd\api-ms-win-crt-time-l1-1-0.dll
- %TEMP%\babbaadd\api-ms-win-crt-string-l1-1-0.dll
- %TEMP%\babbaadd\api-ms-win-crt-stdio-l1-1-0.dll
- %TEMP%\babbaadd\api-ms-win-crt-runtime-l1-1-0.dll
- %TEMP%\babbaadd\api-ms-win-crt-process-l1-1-0.dll
- %TEMP%\babbaadd\api-ms-win-crt-private-l1-1-0.dll
- %TEMP%\babbaadd\api-ms-win-crt-multibyte-l1-1-0.dll
- %TEMP%\babbaadd\api-ms-win-core-memory-l1-1-0.dll
- %TEMP%\babbaadd\api-ms-win-core-localization-l1-2-0.dll
- %TEMP%\babbaadd\api-ms-win-core-libraryloader-l1-1-0.dll
- %TEMP%\1095359392366083617425.tmp-shm
- %TEMP%\1095296419783272657856.tmp
- %TEMP%\10952817534201463299649.tmp
- %PROGRAMDATA%\vcruntime140.dll
- %PROGRAMDATA%\softokn3.dll
- %PROGRAMDATA%\nss3.dll
- %PROGRAMDATA%\msvcp140.dll
- %PROGRAMDATA%\mozglue.dll
- %PROGRAMDATA%\freebl3.dll
- %TEMP%\10951875524116813104061.tmp
- %TEMP%\10951253630410248598019.tmp
- %PROGRAMDATA%\9luhxi6xzd937e29ea8qi04v2\history-shm
- %PROGRAMDATA%\9luhxi6xzd937e29ea8qi04v2\c-shm
- %TEMP%\$inst\2.tmp
- %TEMP%\10954067763878782326337.tmp
- %TEMP%\10954062009862097935517.tmp
- %TEMP%\1095359392366083617425.tmp
- %TEMP%\10954215555750547183746.tmp
- %TEMP%\babbaadd\api-ms-win-core-interlocked-l1-1-0.dll
- %TEMP%\1095421423584504536285.tmp
- %TEMP%\babbaadd\api-ms-win-core-heap-l1-1-0.dll
- %TEMP%\babbaadd\api-ms-win-core-handle-l1-1-0.dll
- %TEMP%\babbaadd\api-ms-win-core-file-l2-1-0.dll
- %TEMP%\babbaadd\api-ms-win-core-file-l1-2-0.dll
- %TEMP%\babbaadd\api-ms-win-core-file-l1-1-0.dll
- %TEMP%\babbaadd\api-ms-win-core-errorhandling-l1-1-0.dll
- %TEMP%\babbaadd\freebl3.dll
- %PROGRAMDATA%\9luhxi6xzd937e29ea8qi04v2\nl_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee7606149814.zip
- %TEMP%\babbaadd\api-ms-win-core-console-l1-1-0.dll
- %PROGRAMDATA%\9luhxi6xzd937e29ea8qi04v2\files\information.txt
- %PROGRAMDATA%\9luhxi6xzd937e29ea8qi04v2\files\history\history_mozilla firefox_gn7ryp3k.default.txt
- %PROGRAMDATA%\9luhxi6xzd937e29ea8qi04v2\files\files\default.zip
- %PROGRAMDATA%\9luhxi6xzd937e29ea8qi04v2\files\cookie_list.txt
- %PROGRAMDATA%\9luhxi6xzd937e29ea8qi04v2\files\cookies\cookies_mozilla firefox_gn7ryp3k.default.txt
- %TEMP%\1095421447905110874703.tmp
- %TEMP%\babbaadd\api-ms-win-core-debug-l1-1-0.dll
- %ProgramFiles(x86)%\wotsuper\wotsuper\wotsuper.exe
- 'ip##pi.com':80
- http://ba####dsparks.com/freebl3.dll
- http://ba####dsparks.com/mozglue.dll
- http://ba####dsparks.com/msvcp140.dll
- http://ba####dsparks.com/nss3.dll
- http://ba####dsparks.com/softokn3.dll
- http://ba####dsparks.com/vcruntime140.dll
- http://gi###ter.info/index.php
- DNS ASK ba####dsparks.com
- DNS ASK gi###ter.info
- DNS ASK ip###ger.org
- DNS ASK ip##pi.com
- DNS ASK microsoft.com
- ClassName: 'DDEMLMom' WindowName: ''
- ClassName: 'IEFrame' WindowName: ''
- ClassName: 'Static' WindowName: ''
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
- '%ProgramFiles(x86)%\wotsuper\wotsuper\wotsuper.exe'
- '%ProgramFiles(x86)%\wotsuper\wotsuper\wotsuper1.exe'
- '%WINDIR%\syswow64\regedit.exe' \s %WINDIR%\wotsuper.reg' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\timeout.exe 3 & del "wotsuper.exe"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /im wotsuper1.exe /f & erase %ProgramFiles(x86)%\wotsuper\wotsuper\wotsuper1.exe & exit' (with hidden window)
- '%WINDIR%\syswow64\regedit.exe' \s %WINDIR%\wotsuper.reg
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\timeout.exe 3 & del "wotsuper.exe"
- '%WINDIR%\syswow64\timeout.exe' 3
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /im wotsuper1.exe /f & erase %ProgramFiles(x86)%\wotsuper\wotsuper\wotsuper1.exe & exit