Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe'
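- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '%ProgramFiles(x86)%\Qoopa\Nodos\nds.exe,<SYSTEM32>\userinit.exe,%ProgramFiles(x86)%\Qoopa\Nodos\wnds.exe'
  - Note: Winlogon runs every comma-separated program in 'Userinit' at each user logon, so this value starts nds.exe and wnds.exe together with userinit.exe for every user of the machine. The stock value names only <SYSTEM32>\userinit.exe; any additional entry here is an autostart point that should be reviewed, and removing the software should restore the stock value.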
- %TEMP%\nodosi.msi
- %ProgramFiles(x86)%\qoopa\nodos\log4net.dll
- %ProgramFiles(x86)%\qoopa\nodos\system.security.cryptography.algorithms.dll
- %ProgramFiles(x86)%\qoopa\nodos\avfilter-2.dll
- %ProgramFiles(x86)%\qoopa\nodos\scripts\history.js\history.adapter.prototype.js
- %ProgramFiles(x86)%\qoopa\nodos\socketioclientdotnet.dll
- %ProgramFiles(x86)%\qoopa\nodos\scripts\history.js\history.adapter.mootools.js
- %ProgramFiles(x86)%\qoopa\nodos\scripts\jquery-2.1.1.min.js
- %ProgramFiles(x86)%\qoopa\nodos\system.security.cryptography.encoding.dll
- %ProgramFiles(x86)%\qoopa\nodos\system.net.sockets.dll
- %ProgramFiles(x86)%\qoopa\nodos\scripts\history.js\history.html4.js
- %ProgramFiles(x86)%\qoopa\nodos\system.security.cryptography.primitives.dll
- %ProgramFiles(x86)%\qoopa\nodos\newtonsoft.json.dll
- %ProgramFiles(x86)%\qoopa\nodos\system.net.http.dll
- %ProgramFiles(x86)%\qoopa\nodos\nds.exe.config
- %ProgramFiles(x86)%\qoopa\nodos\nds.exe
- %ProgramFiles(x86)%\qoopa\nodos\aforge.video.dll
- %ProgramFiles(x86)%\qoopa\nodos\scripts\history.js\history.adapter.yui.js
- %ProgramFiles(x86)%\qoopa\nodos\resources\killexplorer.bat
- %ProgramFiles(x86)%\qoopa\nodos\nodoslauncher.exe
- %ProgramFiles(x86)%\qoopa\nodos\avcodec-53.dll
- %ProgramFiles(x86)%\qoopa\nodos\avutil-51.dll
- %ProgramFiles(x86)%\qoopa\nodos\scripts\jquery-2.1.1.intellisense.js
- %ProgramFiles(x86)%\qoopa\nodos\scripts\history.js\json2.js
- %ProgramFiles(x86)%\qoopa\nodos\scripts\nugetexample.js
- %ProgramFiles(x86)%\qoopa\nodos\icono.ico
- %ProgramFiles(x86)%\qoopa\nodos\scripts\history.js\amplify.store.js
- %ProgramFiles(x86)%\qoopa\nodos\websocket4net.dll
- %ProgramFiles(x86)%\qoopa\nodos\aforge.video.ffmpeg.dll
- %ProgramFiles(x86)%\qoopa\nodos\scripts\jquery-2.1.1.js
- %ProgramFiles(x86)%\qoopa\nodos\scripts\history.js\history.adapter.zepto.js
- %ProgramFiles(x86)%\qoopa\nodos\aforge.dll
- %TEMP%\nodosu.exe
- %TEMP%\cfgae8c.tmp
- %ProgramFiles(x86)%\qoopa\nodos\resources\alarm0.mp3
- %ProgramFiles(x86)%\qoopa\nodos\entityframework.dll
- %ProgramFiles(x86)%\qoopa\nodos\postproc-52.dll
- %ProgramFiles(x86)%\qoopa\nodos\avdevice-53.dll
- %ProgramFiles(x86)%\qoopa\nodos\wnds.exe
- %ProgramFiles(x86)%\qoopa\nodos\resources\alarm1.mp3
- %ProgramFiles(x86)%\qoopa\nodos\system.net.nameresolution.dll
- %ProgramFiles(x86)%\qoopa\nodos\supersocket.clientengine.dll
- %ProgramFiles(x86)%\qoopa\nodos\scripts\history.js\history.adapter.jquery.js
- %ProgramFiles(x86)%\qoopa\nodos\urlhistorylibrary.dll
- %ProgramFiles(x86)%\qoopa\nodos\system.data.sqlite.dll
- %ProgramFiles(x86)%\qoopa\nodos\managedwifi.dll
- %ProgramFiles(x86)%\qoopa\nodos\avformat-53.dll
- %ProgramFiles(x86)%\qoopa\nodos\engineioclientdotnet.dll
- %ProgramFiles(x86)%\qoopa\nodos\system.net.security.dll
- %ProgramFiles(x86)%\qoopa\nodos\sqlite.interop.dll
- %ProgramFiles(x86)%\qoopa\nodos\system.collections.specialized.dll
- %ProgramFiles(x86)%\qoopa\nodos\wnds.exe.config
- %ProgramFiles(x86)%\qoopa\nodos\nodoslauncher.exe.config
- %ProgramFiles(x86)%\qoopa\nodos\aforge.video.directshow.dll
- %ProgramFiles(x86)%\qoopa\nodos\system.data.sqlite.linq.dll
- %ProgramFiles(x86)%\qoopa\nodos\system.security.cryptography.x509certificates.dll
- %ProgramFiles(x86)%\qoopa\nodos\swresample-0.dll
- %ProgramFiles(x86)%\qoopa\nodos\swscale-2.dll
- %ProgramFiles(x86)%\qoopa\nodos\system.data.sqlite.ef6.dll
- %ProgramFiles(x86)%\qoopa\nodos\entityframework.sqlserver.dll
- %ProgramFiles(x86)%\qoopa\nodos\scripts\history.js\history.js
- %ProgramFiles(x86)%\qoopa\nodos\resources\alarm0.mp3
- %ProgramFiles(x86)%\qoopa\nodos\nds.exe.config
- %ProgramFiles(x86)%\qoopa\nodos\newtonsoft.json.dll
- %ProgramFiles(x86)%\qoopa\nodos\nodoslauncher.exe
- %ProgramFiles(x86)%\qoopa\nodos\nodoslauncher.exe.config
- %ProgramFiles(x86)%\qoopa\nodos\postproc-52.dll
- %ProgramFiles(x86)%\qoopa\nodos\socketioclientdotnet.dll
- %ProgramFiles(x86)%\qoopa\nodos\sqlite.interop.dll
- %ProgramFiles(x86)%\qoopa\nodos\supersocket.clientengine.dll
- %ProgramFiles(x86)%\qoopa\nodos\swresample-0.dll
- %ProgramFiles(x86)%\qoopa\nodos\swscale-2.dll
- %ProgramFiles(x86)%\qoopa\nodos\managedwifi.dll
- %ProgramFiles(x86)%\qoopa\nodos\nds.exe
- %ProgramFiles(x86)%\qoopa\nodos\system.collections.specialized.dll
- %ProgramFiles(x86)%\qoopa\nodos\system.net.http.dll
- %ProgramFiles(x86)%\qoopa\nodos\system.net.nameresolution.dll
- %ProgramFiles(x86)%\qoopa\nodos\system.net.security.dll
- %ProgramFiles(x86)%\qoopa\nodos\system.net.sockets.dll
- %ProgramFiles(x86)%\qoopa\nodos\system.security.cryptography.algorithms.dll
- %ProgramFiles(x86)%\qoopa\nodos\system.security.cryptography.encoding.dll
- %ProgramFiles(x86)%\qoopa\nodos\system.security.cryptography.primitives.dll
- %ProgramFiles(x86)%\qoopa\nodos\system.security.cryptography.x509certificates.dll
- %ProgramFiles(x86)%\qoopa\nodos\urlhistorylibrary.dll
- %ProgramFiles(x86)%\qoopa\nodos\websocket4net.dll
- %ProgramFiles(x86)%\qoopa\nodos\system.data.sqlite.ef6.dll
- %ProgramFiles(x86)%\qoopa\nodos\system.data.sqlite.linq.dll
- %ProgramFiles(x86)%\qoopa\nodos\log4net.dll
- %ProgramFiles(x86)%\qoopa\nodos\icono.ico
- %ProgramFiles(x86)%\qoopa\nodos\entityframework.sqlserver.dll
- %ProgramFiles(x86)%\qoopa\nodos\resources\killexplorer.bat
- %ProgramFiles(x86)%\qoopa\nodos\scripts\history.js\amplify.store.js
- %ProgramFiles(x86)%\qoopa\nodos\scripts\history.js\history.adapter.jquery.js
- %ProgramFiles(x86)%\qoopa\nodos\scripts\history.js\history.adapter.mootools.js
- %ProgramFiles(x86)%\qoopa\nodos\scripts\history.js\history.adapter.prototype.js
- %ProgramFiles(x86)%\qoopa\nodos\scripts\history.js\history.adapter.yui.js
- %ProgramFiles(x86)%\qoopa\nodos\scripts\history.js\history.adapter.zepto.js
- %ProgramFiles(x86)%\qoopa\nodos\scripts\history.js\history.html4.js
- %ProgramFiles(x86)%\qoopa\nodos\scripts\history.js\history.js
- %ProgramFiles(x86)%\qoopa\nodos\scripts\history.js\json2.js
- %ProgramFiles(x86)%\qoopa\nodos\scripts\jquery-2.1.1.intellisense.js
- %ProgramFiles(x86)%\qoopa\nodos\resources\alarm1.mp3
- %ProgramFiles(x86)%\qoopa\nodos\scripts\jquery-2.1.1.js
- %ProgramFiles(x86)%\qoopa\nodos\scripts\nugetexample.js
- %ProgramFiles(x86)%\qoopa\nodos\aforge.dll
- %ProgramFiles(x86)%\qoopa\nodos\aforge.video.directshow.dll
- %ProgramFiles(x86)%\qoopa\nodos\aforge.video.dll
- %ProgramFiles(x86)%\qoopa\nodos\avcodec-53.dll
- %ProgramFiles(x86)%\qoopa\nodos\avdevice-53.dll
- %ProgramFiles(x86)%\qoopa\nodos\avfilter-2.dll
- %ProgramFiles(x86)%\qoopa\nodos\avformat-53.dll
- %ProgramFiles(x86)%\qoopa\nodos\avutil-51.dll
- %ProgramFiles(x86)%\qoopa\nodos\engineioclientdotnet.dll
- %ProgramFiles(x86)%\qoopa\nodos\entityframework.dll
- %ProgramFiles(x86)%\qoopa\nodos\scripts\jquery-2.1.1.min.js
- %ProgramFiles(x86)%\qoopa\nodos\wnds.exe
- %ProgramFiles(x86)%\qoopa\nodos\wnds.exe.config
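- moved from %ProgramFiles(x86)%\qoopa\nodos\aforge.video.ffmpeg.dll to C:\config.msi\119b86.rbf
- moved from %ProgramFiles(x86)%\qoopa\nodos\system.data.sqlite.dll to C:\config.msi\119b87.rbf
  - Note: .rbf files under C:\config.msi are Windows Installer rollback backups, so these two moves are consistent with msiexec replacing copies of the DLLs that already existed, rather than with a separate file-hiding step.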
- %ProgramFiles(x86)%\qoopa\nodos\aforge.video.ffmpeg.dll
- %ProgramFiles(x86)%\qoopa\nodos\system.data.sqlite.dll
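- 'no###.com.co':443
- DNS ASK no###.com.co
  - Note: the host name appears to be partially masked ('###') in this report, so it cannot be used verbatim as a network indicator; only the '.com.co' suffix and the TCP port 443 destination are shown.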
- '%TEMP%\nodosu.exe'
- '%ProgramFiles(x86)%\qoopa\nodos\nodoslauncher.exe'
- '%ProgramFiles(x86)%\qoopa\nodos\nds.exe'
- '%WINDIR%\syswow64\msiexec.exe' /i "%TEMP%\nodosi.msi"