Technical Information
- %TEMP%\e_n60005\krnln.fnr
- %TEMP%\e_n60005\exui.fne
- %TEMP%\e_n60005\spec.fne
- %TEMP%\e_n60005\eapi.fne
- %TEMP%\e_n60005\ecompress.fne
- %TEMP%\e_n60005\enetintercept.fne
- %TEMP%\e_n60005\internet.fne
- %TEMP%\e_n60005\mp3.run
- %WINDIR%\fpfq5dl.bat
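- %PROGRAMDATA%\microsoft\windows\start menu\programs\startup\╨▐╕┤360░▓╚ВЅ╬└╩┐.url (the file name is mis-encoded in this report; read as GBK, the bytes appear to decode to "修复360安全卫士.url")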
- <Current directory>\d3dx9.dll
- 'ba##u.com':443
- DNS ASK ba##u.com
- '%WINDIR%\syswow64\cmd.exe' /c %WINDIR%\FpFQ5dL.bat (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c %WINDIR%\FpFQ5dL.bat
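- '%WINDIR%\syswow64\attrib.exe' "%PROGRAMDATA%\Microsoft\Windows\Start Menu\Programs\Startup" +r +a +s +h /s /d (sets the read-only, archive, system and hidden attributes on the all-users Startup folder, recursing into its files and subfolders)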
- '%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders" /v Startup /t REG_SZ /d "%PROGRAMDATA%\Microsoft\Windows\Start Menu\Programs\Startup" /f
- '%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /v Startup /t REG_SZ /d "%PROGRAMDATA%\Microsoft\Windows\Start Menu\Programs\Startup" /f (this and the preceding command set the current user's Startup shell-folder value to the all-users Startup directory)