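Technical Information
(Note: the sub-headings that originally grouped the entries below are missing from this page, so the list alone does not show whether a given path was created, modified, deleted or executed. Repeated paths probably belonged to different groups.)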
- %APPDATA%\microsoft\windows\start menu\programs\startup\bit3eae.tmp
- %WINDIR%\tasks\diskpart.job
- <SYSTEM32>\tasks\diskpart
- %WINDIR%\syswow64\mstsc.exe
- %WINDIR%\syswow64\cmd.exe
- %TEMP%\ca006bd3.png
- %APPDATA%\icq-profile\update\splash_banner\bit345c.tmp
- %TEMP%\cf6c49e6.lnk
- %APPDATA%\icq-profile\update\splash_banner\bit345c.tmp
- %APPDATA%\microsoft\windows\start menu\programs\startup\bit3eae.tmp
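- from %APPDATA%\icq-profile\update\splash_banner\bit345c.tmp to %APPDATA%\icq-profile\update\splash_banner\diskpart.exe (the .tmp file is given an executable name; diskpart.exe is the name of a Windows system utility that normally resides in the system directory, so a copy under %APPDATA% is anomalous)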
- 'i.##gur.com':443 (host:port; the "##" characters appear to mask part of the domain name)
- 'xe##es.com':20200
- DNS query: i.##gur.com
- DNS query: xe##es.com
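- '%WINDIR%\syswow64\mstsc.exe' (standard location of a Windows system binary; how the sample uses this process is not stated on this page)
- '%WINDIR%\syswow64\cmd.exe' (standard location of a Windows system binary; how the sample uses this process is not stated on this page)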