Technical Information
- %WINDIR%\explorer.exe
- 'am###ange.com':80
- http://am###ange.com/yaaaaaamcmmcobaqbf.tpl
- http://am###ange.com/tokqmhercemhzkllnipsht.phtml
- http://am###ange.com/gluxcmbqeijmfmcgsrlqvfjby.7z
- http://am###ange.com/pyhdqnhfuhxaihuvdsxfpvmcmpjwfzqwpcezsjsgtfiwoipllbnhnlmynjyanivl.phtm
- DNS ASK am###ange.com
- '%WINDIR%\syswow64\svchost.exe' netsvcs