Technical Information
- %TEMP%\eaf.tmp
- %TEMP%\1cb0.tmp
- %TEMP%\1c71.tmp
- %TEMP%\1c41.tmp
- %TEMP%\1bb4.tmp
- %TEMP%\1721.tmp
- %TEMP%\16e1.tmp
- %TEMP%\16b1.tmp
- %TEMP%\1672.tmp
- %TEMP%\1642.tmp
- %TEMP%\1603.tmp
- %TEMP%\15d3.tmp
- %TEMP%\1594.tmp
- %TEMP%\1564.tmp
- %TEMP%\1524.tmp
- %TEMP%\14f5.tmp
- %TEMP%\14b5.tmp
- %TEMP%\1485.tmp
- %TEMP%\13c9.tmp
- %TEMP%\12cf.tmp
- %TEMP%\129f.tmp
- %TEMP%\11e3.tmp
- %TEMP%\11a3.tmp
- %TEMP%\100d.tmp
- %TEMP%\fcd.tmp
- %TEMP%\f8e.tmp
- %TEMP%\f5e.tmp
- %TEMP%\f2d.tmp
- %TEMP%\1ce0.tmp
- %TEMP%\1d1f.tmp
- %TEMP%\f2d.tmp
- %TEMP%\f5e.tmp
- %TEMP%\f8e.tmp
- %TEMP%\fcd.tmp
- %TEMP%\100d.tmp
- %TEMP%\11a3.tmp
- %TEMP%\11e3.tmp
- %TEMP%\129f.tmp
- %TEMP%\12cf.tmp
- %TEMP%\13c9.tmp
- %TEMP%\1485.tmp
- 'ku###j72.top':80
- http://ku###j72.top/gate.php
- DNS query: ku###j72.top
- DNS query: ta###r10.top
- '%WINDIR%\syswow64\cmd.exe' /c timeout -t 5 && del "<Full path to file>" (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c timeout -t 5 && del "<Full path to file>"
- '%WINDIR%\syswow64\timeout.exe' -t 5