Technical Information
- svchost.exe
- %TEMP%\svchost.exe
- %TEMP%\screen.jpg
- %TEMP%\net.exe
- %TEMP%\ULKKsEFBN
- %TEMP%\aut1.tmp
- %TEMP%\aut1.tmp
- 'dr##box.com':443
- 'sm##.gmail.com':465
- 'localhost':1038
- 'localhost':1040
- DNS ASK sm##.gmail.com
- DNS ASK www.dr##box.com
- '%TEMP%\svchost.exe'
- '<Full path to file>' /AutoIt3ExecuteScript "%TEMP%\ULKKsEFBN"
- '<SYSTEM32>\cmd.exe' /c del /q /f %temp%\*.lnk