Technical Information (file names and paths, a DNS query, and process command lines listed for this sample)
- %APPDATA%\microsoft\windows\start menu\programs\startup\szjbqqszym.url
- sollevando.exe.com
- %TEMP%\ixp000.tmp\tocca.flv
- %TEMP%\ixp000.tmp\inganna.flv
- %TEMP%\ixp000.tmp\pochi.flv
- %TEMP%\ixp000.tmp\lavorato.flv
- %TEMP%\ixp000.tmp\sollevando.exe.com
- %TEMP%\ixp000.tmp\p
- %APPDATA%\mmiibmkryf\z
- %APPDATA%\mmiibmkryf\szjbqqszym.exe.com
- %APPDATA%\mmiibmkryf\pochi.flv
- %APPDATA%\mmiibmkryf\mshwuyzpool.js
- %TEMP%\ixp000.tmp\p
- %TEMP%\ixp000.tmp\pochi.flv
- %TEMP%\ixp000.tmp\lavorato.flv
- %TEMP%\ixp000.tmp\inganna.flv
- %TEMP%\ixp000.tmp\tocca.flv
- %TEMP%\ixp000.tmp\sollevando.exe.com
- DNS ASK jO##########LbliyqGnb.jOduIfTqIUBGLbliyqGnb
- '%TEMP%\ixp000.tmp\sollevando.exe.com' p
- '%WINDIR%\syswow64\cmd.exe' /c cmd < Lavorato.flv (with hidden window)
- '%WINDIR%\syswow64\dllhost.exe' (with hidden window)
- '%WINDIR%\syswow64\dllhost.exe'
- '%WINDIR%\syswow64\cmd.exe' /c cmd < Lavorato.flv
- '%WINDIR%\syswow64\cmd.exe'
- '%WINDIR%\syswow64\findstr.exe' /V /R "^DAGQRwZMxODGzDBMLnPGlmBKhjHNIkrmXMjWTFQybgMAasvRBRslqdztYWCFzjroLtIHsFTuIJoVMwaVQQjRUTnHaoXXekLkkDPgJOAVXlBsinsXEHPDZjg$" Tocca.flv
- '%WINDIR%\syswow64\ping.exe' localhost