Technical Information
Command lines executed:
- %PROGRAM_FILES%\5f396fcb\zt5f396fcbjn.exe "0C1DBA223B12C514F9957F1F50D56C73FC07E506948204E83E81E8" 1CFD67
- <SYSTEM32>\rundll32.exe "%PROGRAM_FILES%\5f396fcb\fif\396fcbcdu.dll",DoeServices 2
Files listed for the sample (all under %PROGRAM_FILES%\5f396fcb):
- %PROGRAM_FILES%\5f396fcb\fif\396fcbcdu.dll
- %PROGRAM_FILES%\5f396fcb\zt5f396fcbjn.lnk
- %PROGRAM_FILES%\5f396fcb\fif\396fcbcduec.txt
- %PROGRAM_FILES%\5f396fcb\zt5f396fcbjn.exe
- %PROGRAM_FILES%\5f396fcb\fif\396fcbcdu.txt
- Moves itself: from <Full path to virus> to <Full path to virus>.re
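Network activity (host:port endpoints and DNS queries; the '#' characters are as printed and appear to mask part of the hostname, so the name cannot be matched literally):
- 'cn#.#azgr.com':802
- DNS ASK cn#.#azgr.com
- '<Private IP address>':1035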
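Windows referenced by class name and title (presumably searched for by the sample; the '????' title is likely text lost in character-encoding conversion):
- ClassName: '' WindowName: ''
- ClassName: 'MS_WINHELP' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'CabinetWClass' WindowName: '????'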