Technical Information
Process execution (regsvr32 registers dm.dll; /s suppresses its dialog boxes):
- '<SYSTEM32>\regsvr32.exe' <SYSTEM32>\dm.dll /s
File system paths, first list (group heading missing in this copy):
- %TEMP%\3.tmp
- %TEMP%\2.tmp
- %APPDATA%\E_UIEngine\a72e418666a35b8a933b73338af8f358\a72e418666a35b8a933b73338af8f358.db
- %APPDATA%\E_UIEngine\a72e418666a35b8a933b73338af8f358\a72e418666a35b8a933b73338af8f358.jpg
- %TEMP%\1.tmp
- <SYSTEM32>\BackInC.sys
- <SYSTEM32>\PastUWxIO.sys
- %APPDATA%\E_UIEngine\90afea1eeb37be7a93471c36152ab43a\90afea1eeb37be7a93471c36152ab43a.jpg
- <SYSTEM32>\dm.dll
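File system paths, second list (group heading missing in this copy; every path below also appears in the first list, so this may be the set of files deleted after use; confirm against the original report):
- %TEMP%\2.tmp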
- %TEMP%\3.tmp
- %TEMP%\1.tmp
- <SYSTEM32>\PastUWxIO.sys
- <SYSTEM32>\BackInC.sys
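Network activity (the "##" in the hostname appears to be masking applied by the report, so the full hostname is not given here):
- 'www.32##36.com':80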
- www.32##36.com/cf.txt
- DNS ASK www.32##36.com
Window referenced (Shell_TrayWnd is the window class of the Windows taskbar):
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'