Technical Information
- <SYSTEM32>\wbem\wmiadap.exe /R /T
- %TEMP%\nsi3.tmp\nsDialogs.dll
- %TEMP%\nsi3.tmp\modern-wizard.bmp
- <SYSTEM32>\wbem\Performance\WmiApRpl_new.ini
- %TEMP%\nsi3.tmp\System.dll
- %TEMP%\nsi3.tmp\modern-header.bmp
- %TEMP%\nsi3.tmp\KillProcDLL.dll
- %TEMP%\nsp2.tmp
- %TEMP%\nsi3.tmp\GetVersion.dll
- %TEMP%\nsi3.tmp\NSISdl.dll
- from <SYSTEM32>\wbem\Performance\WmiApRpl_new.ini to <SYSTEM32>\wbem\Performance\WmiApRpl.ini
- from <SYSTEM32>\wbem\Performance\WmiApRpl_new.h to <SYSTEM32>\wbem\Performance\WmiApRpl.h
- 'in#####.p2pmoney.com':80
- in#####.p2pmoney.com/get_file.php?fi###############
- DNS ASK www.zu##.com
- DNS ASK in#####.p2pmoney.com
- ClassName: 'Shell_TrayWnd' WindowName: ''