Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Project1' = '%APPDATA%\fszgww\Project1.exe' (Run-key autostart value: Windows launches the referenced executable at each user logon)
- '%TEMP%\Svchost.exe' (named after the Windows service host, but located in %TEMP% rather than <SYSTEM32>)
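- '%TEMP%\RarSFX0\RLHakA.exe' "FsZGWw" (the RarSFX0 directory name matches the temporary unpack folder used by WinRAR self-extracting archives)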
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- <SYSTEM32>\cmd.exe
- ecmd.exe
- %APPDATA%\fszgww\SaRlIt.txt
- %APPDATA%\fszgww\FsZGWw
- %TEMP%\Svchost.exe
- %APPDATA%\fszgww\RLHakA.exe
- %APPDATA%\fszgww\1.txt
- %APPDATA%\fszgww\2.txt
- %APPDATA%\fszgww\skype.exe
- %APPDATA%\fszgww\Project1.exe
- %TEMP%\RarSFX0\RLHakA.exe
- %TEMP%\RarSFX0\GIjqtQ.exe
- %TEMP%\RarSFX0\FsZGWw
- %TEMP%\RarSFX0\SaRlIt.txt
- %TEMP%\GIjqtQ.exe
- %TEMP%\FsZGWw
- %TEMP%\SaRlIt.txt
- %TEMP%\RLHakA.exe
- %TEMP%\RarSFX0\SaRlIt.txt
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
- %TEMP%\RarSFX0\RLHakA.exe
- %TEMP%\RarSFX0\FsZGWw
- %TEMP%\RarSFX0\GIjqtQ.exe
- 'localhost':1042
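- 'www.dr##box.com':443 ('#' is not a valid hostname character, so the domain appears to be partially masked in this report; do not use it as a literal indicator)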
- 'localhost':1039
- DNS ASK (DNS query) www.dr##box.com
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''