Technical Information
- %WINDIR%\smss.exe
- %WINDIR%\ie.exe
- %WINDIR%\smss.exe (downloaded from the Internet)
- %WINDIR%\ie.exe (downloaded from the Internet)
- <SYSTEM32>\wscript.exe "<LS_APPDATA>\Temp\AIIFBACVYP.vbs"
- %WINDIR%\ie.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\smss[1].exe
- %WINDIR%\smss.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\ie[1].exe
- <LS_APPDATA>\Temp\AIIFBACVYP.vbs
- %HOMEPATH%\Desktop\РЎУОП·НшХѕ.url
- %HOMEPATH%\Favorites\РЎУОП·НшХѕ.url
- <LS_APPDATA>\Temp\AIIFBACVYP.vbs
- 'www.zu##eng.net':80
- 'localhost':1035
- www.zu##eng.net/down/smss.exe
- www.zu##eng.net/down/ie.exe
- DNS ASK www.zu##eng.net