Technical Information
- Autorun (persistence) value in the per-user Run key: [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] ' _d74' = '"%ALLUSERSPROFILE%\_d74\ _d74.exe"'
- %ALLUSERSPROFILE%\_d74\bitdd15.tmp
- %ProgramFiles%\_d74\libeay32.dll
- %ProgramFiles%\_d74\ssleay32.dll
- %ProgramFiles%\_d74\dbghelp.dll
- %ProgramFiles%\_d74\dump.dmp
- %ProgramFiles%\_d74\dump2.dmp
- %ProgramFiles%\_d74\borlndmm.dll
- %ALLUSERSPROFILE%\_d74\bitdd15.tmp
- %ALLUSERSPROFILE%\_d74\ _d74.zip
- File moved or renamed (the verb is missing from the page; source and destination as listed): from %ALLUSERSPROFILE%\_d74\bitdd15.tmp to %ALLUSERSPROFILE%\_d74\ _d74.zip
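- 'zh######.#3-eu-west-1.amazonaws.com':443 (remote host and port; the '#' characters are masking applied by the source, so the hostname is incomplete)
- 'lo####zaip.com.br':443 (remote host and port; hostname likewise masked)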
- DNS ASK zh######.#3-eu-west-1.amazonaws.com
- DNS ASK lo####zaip.com.br
- DNS ASK go##e.com
- ClassName: '' WindowName: ''
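- '<SYSTEM32>\cmd.exe' /c echo %charpool:~13,1%
- '<SYSTEM32>\cmd.exe' /c echo %charpool:~7,1%
- '<SYSTEM32>\cmd.exe' /c echo %charpool:~4,1%
  (Each command prints one character of the environment variable charpool at the given offset, using cmd's %VAR:~offset,length% substring syntax; the contents of charpool are not shown on this page.)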
- '%ProgramFiles(x86)%\internet explorer\iexplore.exe'