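Technical Information

Note: the section labels for the groups below appear to have been lost in extraction, so the action behind each group is not stated on this page. What the entries themselves show:
- Lines of the form [key] 'value' = 'data' are registry values. The 'load' value under HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows is a per-user logon autostart location, so each entry points a logon-time launch at an executable in %TEMP%.
- The quoted paths that follow (one of them with command-line arguments) look like launched processes. The unquoted paths are file-system artifacts whose action (created, modified, deleted) is not given here.
- The 'Sysqem' file names differ only in a five-letter suffix that looks randomly generated. Detection should therefore key on the name pattern and on a 'load' value pointing into %TEMP%, not on the exact names listed.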
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemjzdyl.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemuprxy.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemtqnlu.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemzafor.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemuxsmt.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemcjzku.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemrgmar.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemlmxkm.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemyyqvk.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemjnbrx.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemqvami.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqembafeg.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqembnfdr.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemegfmv.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemgyhqk.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemdpqre.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemjrkdf.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemgtfta.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemlivtc.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemaojtp.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemtjepp.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemehlms.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemiacxh.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemaxuek.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemstdpr.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemsmplk.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqempbgty.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemdksou.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemltcvx.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemxdcpp.exe'
- '%TEMP%\Sysqemjzdyl.exe'
- '%TEMP%\Sysqemuprxy.exe'
- '%TEMP%\Sysqemtqnlu.exe'
- '%TEMP%\Sysqemzafor.exe'
- '%TEMP%\Sysqemuxsmt.exe'
- '%TEMP%\Sysqemcjzku.exe'
- '%TEMP%\Sysqemrgmar.exe'
- '%TEMP%\Sysqemlmxkm.exe'
- '%TEMP%\Sysqemyyqvk.exe'
- '%TEMP%\Sysqemjnbrx.exe'
- '%TEMP%\Sysqemqvami.exe'
- '%TEMP%\Sysqembafeg.exe'
- '%TEMP%\Sysqembnfdr.exe'
- '%TEMP%\Sysqemegfmv.exe'
- '%TEMP%\Sysqemgyhqk.exe'
- '%TEMP%\Sysqemdpqre.exe'
- '%TEMP%\Sysqemjrkdf.exe'
- '%TEMP%\Sysqemgtfta.exe'
- '%TEMP%\Sysqemlivtc.exe'
- '%TEMP%\Sysqemaojtp.exe'
- '%TEMP%\Sysqemtjepp.exe'
- '%TEMP%\Sysqemehlms.exe'
- '%TEMP%\Sysqemiacxh.exe'
- '%TEMP%\Sysqemaxuek.exe'
- '%TEMP%\Sysqemstdpr.exe'
- '%TEMP%\Sysqemsmplk.exe'
- '%TEMP%\Sysqempbgty.exe'
- '%TEMP%\Sysqemdksou.exe'
- '%TEMP%\Sysqemltcvx.exe'
- '%TEMP%\Sysqemxdcpp.exe'
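- '<SYSTEM32>\wbem\wmiadap.exe' /R /T (this path is that of the Windows WMI ADAP utility, not a file in %TEMP%; on its own it is a weak indicator)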
- %TEMP%\Sysqemjzdyl.exe
- %TEMP%\Sysqemzafor.exe
- %TEMP%\Sysqemtqnlu.exe
- %TEMP%\Sysqemuprxy.exe
- %TEMP%\Sysqemuxsmt.exe
- %TEMP%\Sysqemsmplk.exe
- %TEMP%\Sysqemrgmar.exe
- %TEMP%\Sysqemcjzku.exe
- %TEMP%\Sysqemyyqvk.exe
- %TEMP%\Sysqembafeg.exe
- %TEMP%\Sysqemqvami.exe
- %TEMP%\Sysqemjnbrx.exe
- %TEMP%\Sysqembnfdr.exe
- %TEMP%\Sysqemlmxkm.exe
- %TEMP%\Sysqemgyhqk.exe
- %TEMP%\Sysqemegfmv.exe
- %TEMP%\Sysqemlivtc.exe
- %TEMP%\Sysqemehlms.exe
- %TEMP%\Sysqemjrkdf.exe
- %TEMP%\Sysqemdpqre.exe
- %TEMP%\Sysqamqqvaqqd.exe
- %TEMP%\qpath.ini
- %TEMP%\Sysqemtjepp.exe
- %TEMP%\Sysqemaojtp.exe
- %TEMP%\Sysqempbgty.exe
- %TEMP%\Sysqemxdcpp.exe
- %TEMP%\Sysqemstdpr.exe
- %TEMP%\Sysqemaxuek.exe
- %TEMP%\Sysqemiacxh.exe
- %TEMP%\Sysqemgtfta.exe
- %TEMP%\Sysqemltcvx.exe
- %TEMP%\Sysqemdksou.exe
- %TEMP%\Sysqemjzdyl.exe
- %TEMP%\Sysqemuprxy.exe
- %TEMP%\Sysqemtqnlu.exe
- %TEMP%\Sysqemzafor.exe
- %TEMP%\Sysqemuxsmt.exe
- %TEMP%\Sysqemcjzku.exe
- %TEMP%\Sysqemrgmar.exe
- %TEMP%\Sysqemlmxkm.exe
- %TEMP%\Sysqemyyqvk.exe
- %TEMP%\Sysqemjnbrx.exe
- %TEMP%\Sysqemqvami.exe
- %TEMP%\Sysqembafeg.exe
- %TEMP%\Sysqembnfdr.exe
- %TEMP%\Sysqemegfmv.exe
- %TEMP%\Sysqemgyhqk.exe
- %TEMP%\Sysqemsmplk.exe
- %TEMP%\Sysqemlivtc.exe
- %TEMP%\Sysqemdpqre.exe
- %TEMP%\Sysqemjrkdf.exe
- %TEMP%\Sysqemehlms.exe
- %TEMP%\Sysqemaojtp.exe
- %TEMP%\Sysqamqqvaqqd.exe
- %TEMP%\Sysqemtjepp.exe
- %TEMP%\Sysqemgtfta.exe
- %TEMP%\Sysqempbgty.exe
- %TEMP%\Sysqemaxuek.exe
- %TEMP%\Sysqemstdpr.exe
- %TEMP%\Sysqemxdcpp.exe
- %TEMP%\Sysqemiacxh.exe
- %TEMP%\Sysqemdksou.exe
- %TEMP%\Sysqemltcvx.exe
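- <SYSTEM32>\PerfStringBackup.TMP
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
(Note: these two system paths relate to Windows performance-counter data and are likely side effects of the wmiadap.exe run listed above, not sample-specific artifacts; confirm before using them as indicators.)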