Technical Information
- %WINDIR%\patchfile\crack.exe /silent
- <SYSTEM32>\taskkill.exe /F /IM "sevenconfig.exe"
- <SYSTEM32>\ping.exe 123.45.67.89 -n 1 -w 4500
- %PROGRAM_FILES%\Internet Explorer\IEXPLORE.EXE http://so##4tb.com
- <SYSTEM32>\ping.exe 123.45.67.89 -n 1 -w 3000
- <SYSTEM32>\cmd.exe /c ""%WINDIR%\patchfile\DelLine1.bat" "
- <SYSTEM32>\cmd.exe /c ""%WINDIR%\patchfile\DelLine2.bat" "
- <SYSTEM32>\cmd.exe /c ""%WINDIR%\patchfile\run.bat" "
- %WINDIR%\patchfile\crack.exe
- %WINDIR%\patchfile\run.bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\soft4tb[1]
- %WINDIR%\win.new
- %TEMP%\$inst\temp_0.tmp
- %TEMP%\$inst\2.tmp
- %WINDIR%\patchfile\DelLine1.bat
- %WINDIR%\patchfile\DelLine2.bat
- %WINDIR%\patchfile\DelLine1.bat
- %WINDIR%\patchfile\DelLine2.bat
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\temp_0.tmp
- %WINDIR%\win.old
- %WINDIR%\patchfile\crack.exe
- File moved or copied (the entry gives only source and destination): from %WINDIR%\win.ini to %WINDIR%\win.old
- Network endpoint (host:port): 'so##4tb.com':80
- Network endpoint (host:port): 'localhost':1036
- so##4tb.com/
- DNS ASK so##4tb.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: ''