Technical Information
- '%TEMP%\4ae13d6c_.exe' (downloaded from the Internet)
- '%TEMP%\18be6784_.exe' (downloaded from the Internet)
- '%TEMP%\294823_.exe' (downloaded from the Internet)
- '%TEMP%\4ae13d6c_.exe' /enc tuFHwgP+c2Kg7HwgPRlxpzvurCYM8DMNf7ZMLwWcjDhbiHDFGhCxPzr9/u9QmHTq8MIs3n+lQ9GJE31pv2tu7ZndlMOL2IwP+gamKaxP1cGm/QQh8D2+SvwVqUMkBD086qQqrbrkDdywz7lO/YXOJrZI+4f5igehm4JGmcJ+AtM6rpw0OT0SKRnTpVr1...
- '%TEMP%\18be6784_.exe' /in + /un /cb /rp /rf /mf /ai 14400 /ad 300 /pn "Costmin" /sf /ax /en 30 /path "#0\Supporter\Supporter.dll" /dn "Supporter 1.80" /prd "Supporter" /sn "Supporter" /iu "asp4Hwymrs/3mJLFHw4R5UlzU6...
- '%TEMP%\294823_.exe'
- %TEMP%\4ae13d6c_.exe
- %TEMP%\18be6784_.exe
- %TEMP%\294823_.exe
- 's.###bels.info':80
- 'in#####collection.com':80
- 'do#####d.webbels.info':80
- 'su#####.webbels.info':80
- http://s.###bels.info/
- http://in#####collection.com/?HI########################################
- http://do#####d.webbels.info/?e=###############################################################################################################################
- http://su#####.webbels.info/
- DNS ASK s.###bels.info
- DNS ASK in#####collection.com
- DNS ASK do#####d.webbels.info
- DNS ASK su#####.webbels.info