Technical Information
- '%TEMP%\client.exe'
- '%TEMP%\client.exe' (downloaded from the Internet)
- '<SYSTEM32>\PING.EXE' 1.1.1.1 -n 1 -w 1000
- C:\ProgramData\Microsoft\RAC\Temp\sqlAEE4.tmp
- C:\ProgramData\Microsoft\RAC\Temp\sqlAEF5.tmp
- %TEMP%\client.exe
- C:\ProgramData\Microsoft\RAC\Temp\sqlAEE4.tmp
- C:\ProgramData\Microsoft\RAC\Temp\sqlAEF5.tmp
- 'an###ervg.ru':80
- an###ervg.ru/wsystem/client/notebook?co#####
- DNS ASK an###ervg.ru