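Technical Information

Note: the group headings of this behaviour report are not present on this page, so the list below runs several categories together. It contains file-system paths (the %TEMP%\emc*.tmp and ellocnak.msu entries appear twice, presumably as separate events such as creation and deletion), one from/to file move, DNS queries, and what appear to be executed command lines. The domain names in the DNS entries are partially masked with `#`, so they cannot be used as exact-match indicators as written.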
- %WINDIR%\tasks\chemicalsynth.job
- <SYSTEM32>\tasks\chemicalsynth
- %WINDIR%\explorer.exe
- %TEMP%\8fb.exe
- %TEMP%\hibiki.dll
- %TEMP%\emc8fc.tmp
- %TEMP%\emc8fb.tmp
- %TEMP%\emc90c.tmp
- %TEMP%\emc90e.tmp
- %TEMP%\emc90d.tmp
- %TEMP%\ellocnak.msu
- <SYSTEM32>\$dpx$.tmp\7824dacfc125b84196253b99df9c82c6.tmp
- %PROGRAMDATA%\{d17b2c65-3932-2b77-d17b-b2c65393b194}\8fb.exe
- %PROGRAMDATA%\{d17b2c65-3932-2b77-d17b-b2c65393b194}\8fb.dat
- %TEMP%\emc8fb.tmp
- %TEMP%\emc8fc.tmp
- %TEMP%\emc90c.tmp
- %TEMP%\emc90d.tmp
- %TEMP%\emc90e.tmp
- %TEMP%\ellocnak.msu
- Moved from <SYSTEM32>\$dpx$.tmp\7824dacfc125b84196253b99df9c82c6.tmp to <SYSTEM32>\hibiki.dll
- DNS ASK ce####-ring.link
- DNS ASK ge###luesee.com
- DNS ASK ro####ripzipbar.com
- '%TEMP%\8fb.exe'
- '<SYSTEM32>\cmd.exe' /c wusa %TEMP%\ellocnak.msu /extract:<SYSTEM32>
- '<SYSTEM32>\wusa.exe' %TEMP%\ellocnak.msu /extract:<SYSTEM32>
- '<SYSTEM32>\cliconfg.exe'