Technical Information
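Processes launched (command lines as recorded; 2848 is the process ID that tasklist filters on in this run, so that number and the names built from it will probably differ on other systems):
- '<SYSTEM32>\find.exe' /i "2848"
- '<SYSTEM32>\ping.exe' -n 2 127.0.0.1
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\2848.bat" "
- '<SYSTEM32>\tasklist.exe' /nh /fi "pid eq 2848"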
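Registry values set (a value of 0 turns off the corresponding Internet Settings warning prompt: redirected form POSTs, changing between secure and non-secure mode, and invalid certificates received):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings] 'WarnOnPostRedirect' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings] 'WarnonZoneCrossing' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings] 'WarnonBadCertRecving' = '00000000'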
File paths recorded under %TEMP%\28482aa01 (the folder name begins with the same 2848 seen in the command lines, so it appears to be specific to this run):
- %TEMP%\28482aa01\settime.dll
- %TEMP%\28482aa01\RegDll.dll
- %TEMP%\28482aa01\TApi.dll
- %TEMP%\28482aa01\t_baibaoyun_win32.dll
- %TEMP%\28482aa01\TLib.dll
- %TEMP%\28482aa01\Plug365New.dll
- %TEMP%\28482aa01\aero_link.cur
- %TEMP%\28482aa01\174765.temp
- %TEMP%\28482aa01\intermediate.tis
- %TEMP%\28482aa01\dm.dll
- %TEMP%\28482aa01\main.twin
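The next three paths repeat entries listed above; the heading that set them apart seems to be missing from this listing:
- %TEMP%\28482aa01\intermediate.tis
- %TEMP%\28482aa01\main.twin
- %TEMP%\28482aa01\174765.temp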