Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\bitbf19.tmp
- %WINDIR%\tasks\visual.job
- <SYSTEM32>\tasks\visual
- %WINDIR%\syswow64\extrac32.exe
- %WINDIR%\syswow64\cmd.exe
- %TEMP%\59f6a1af.png
- %APPDATA%\icq-profile\bitb4e6.tmp
- %TEMP%\4691062a.lnk
- %APPDATA%\icq-profile\bitb4e6.tmp
- %APPDATA%\microsoft\windows\start menu\programs\startup\bitbf19.tmp
- from %APPDATA%\icq-profile\bitb4e6.tmp to %APPDATA%\icq-profile\visual.exe
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- DNS ASK i.##gur.com
- DNS ASK microsoft.com
- DNS ASK ai####obblelulu.tw
- '%WINDIR%\syswow64\extrac32.exe'
- '%WINDIR%\syswow64\cmd.exe'