Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\pre-setting 239czz.lnk
- C:\document\sign231.txt
- C:\document\wbs.txt
- C:\document\rhq\wbs.txt
- C:\document\rhq\dwn_veincgd.exe
- %TEMP%\order_ьس.vbs
- C:\document\rhq\tik_mfgro.txt
- %TEMP%\order_شооv.vbs
- %TEMP%\order_ثь.vbs
- C:\document\rhq\tik_qgpbky.txt
- C:\document\rhq\tik_hxrjy.txt
- %TEMP%\order_tgئы.vbs
- %TEMP%\order_كиق.vbs
- C:\document\rhq\tik_upb.txt
- from C:\document\rhq\dwn_veincgd.exe to C:\document\rhq\dwn_qpchkv.exe
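- DNS query: google.com (a legitimate domain; likely a connectivity check, so not useful as a blocking indicator on its own)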
- 'C:\document\rhq\dwn_veincgd.exe'
- 'C:\document\rhq\dwn_qpchkv.exe'
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_ьس.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_شооv.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_ثь.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_tgئы.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_كиق.vbs"
- '<SYSTEM32>\ping.exe' -n 1 www.google.com (with hidden window)
- '<SYSTEM32>\ping.exe' -n 1 www.google.com
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_يFهо.vbs"