Technical Information
- %WINDIR%\win.ini
- %WINDIR%\sys.dat
- %WINDIR%\syswow64\mswinsck.ocx
- %TEMP%\dfa1607.tmp
- http://www.pc##8.net/file.txt
- http://www.ys##.net/file.txt
- http://www.v1##.net/file.txt
- http://www.v3##.net/file.txt
- http://www.ah##.net/file.txt
- DNS ASK pc##8.net
- DNS ASK ys##.net
- DNS ASK v1##.net
- DNS ASK v3##.net
- DNS ASK ah##.net
- '%WINDIR%\syswow64\regsvr32.exe' /s "<SYSTEM32>\mswinsck.ocx"' (with hidden window)
- '%WINDIR%\syswow64\regsvr32.exe' /s "%TEMP%\~DFA9754.tmp"' (with hidden window)
- '%WINDIR%\syswow64\regsvr32.exe' /s "%TEMP%\~DFA2598.tmp"' (with hidden window)
- '%WINDIR%\syswow64\regsvr32.exe' /s "<SYSTEM32>\mswinsck.ocx"
- '%WINDIR%\syswow64\regsvr32.exe' /s "%TEMP%\~DFA9754.tmp"
- '%WINDIR%\syswow64\regsvr32.exe' /s "%TEMP%\~DFA2598.tmp"