Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] ' 353' = '"%PROGRAMDATA%\353\ 353.exe"'
- %PROGRAMDATA%\353\bit40a8.tmp
- %ProgramFiles%\353\libeay32.dll
- %ProgramFiles%\353\ssleay32.dll
- %ProgramFiles%\353\dbghelp.dll
- %ProgramFiles%\353\dump.dmp
- %ProgramFiles%\353\dump2.dmp
- %ProgramFiles%\353\borlndmm.dll
- %PROGRAMDATA%\353\bit40a8.tmp
- %PROGRAMDATA%\353\ 353.zip
- file moved from %PROGRAMDATA%\353\bit40a8.tmp to %PROGRAMDATA%\353\ 353.zip
- 'jj######.#3-eu-west-1.amazonaws.com':443
- 'lo####zaip.com.br':443
- DNS ASK jj######.#3-eu-west-1.amazonaws.com
- DNS ASK lo####zaip.com.br
- DNS ASK go##e.com
- ClassName: '' WindowName: ''
- '<SYSTEM32>\cmd.exe' /c echo %charpool:~3,1%
- '<SYSTEM32>\cmd.exe' /c echo %charpool:~5,1%
- '%ProgramFiles%\internet explorer\iexplore.exe'