Technical Information
- '<SYSTEM32>\cmd.exe' /c %TEMP%\<Virus name>.bat
- '<SYSTEM32>\schtasks.exe' /run /TN 112604201629
- '<SYSTEM32>\schtasks.exe' /create /sc MINUTE /MO 3 /TN "112604201629" /TR "<SYSTEM32>\rundll32.exe %WINDIR%\Installer\{FE9126DB-5F84-495A-BB46-3C724F1C2D08}\fmq14201718874.dll init
- %TEMP%\%r%\UTLGPT&fmq14201718874.dll
- %TEMP%\%r%\GEXG&extension
- %TEMP%\<Virus name>.bat
- %TEMP%\singt
- %TEMP%\<Virus name>.exe
- %TEMP%\atcp.db
- %TEMP%\_00.tmp
- %TEMP%\_.tmp
- from %TEMP%\%r%\UTLGPT&fmq14201718874.dll to %TEMP%\%r%\fmq14201718874.dll
- from %TEMP%\%r%\fmq14201718874.dll to %WINDIR%\Installer\{FE9126DB-5F84-495A-BB46-3C724F1C2D08}\fmq14201718874.dll
- from %TEMP%\%r%\GEXG&extension to %TEMP%\%r%\extension
- from %TEMP%\%r%\extension to %WINDIR%\Installer\{FE9126DB-5F84-495A-BB46-3C724F1C2D08}\extension
- 'mu###vv.com.br':80
- http://mu###vv.com.br/tec/clientes.php?ti###################################################################################################################
- DNS ASK mu###vv.com.br
- ClassName: 'Shell_TrayWnd' WindowName: ''