Technical Information
- '%ALLUSERSPROFILE%\btceos.exe'
- '%ALLUSERSPROFILE%\app5.exe'
- %WINDIR%\syswow64\svchost.exe
- %ALLUSERSPROFILE%\btceos.exe
- %ALLUSERSPROFILE%\coverptt5.txt
- %ALLUSERSPROFILE%\app5.exe
- %ALLUSERSPROFILE%\tem.vbs
- %ALLUSERSPROFILE%\tem.vbs
- %ALLUSERSPROFILE%\app5.exe
- %ALLUSERSPROFILE%\tem.vbs
- 'vi#.##rongapt.ga':443
- 'up##ad.ee':443
- DNS ASK vi#.##rongapt.ga
- DNS ASK up##ad.ee
- '%WINDIR%\syswow64\wscript.exe' "%ALLUSERSPROFILE%\tem.vbs"
- '%WINDIR%\syswow64\svchost.exe'