Technical Information
- %TEMP%\nsq80f3.tmp
- %TEMP%\guqf296\clonedvd 2.9.1.2.exe
- %TEMP%\guqf296\subst.exe
- %TEMP%\nst87c5.tmp\installhelp.dll
- %TEMP%\guqf296\rm.exe
- %TEMP%\guqf296\vh.exe
- %TEMP%\guqf296\wr.exe
- %WINDIR%\syswow64\fccbxvu.dll
- %TEMP%\removalfile.bat
- %TEMP%\guqf296\rm.exe
- 'zi#f.pl':80
- DNS ASK x2#.####0520.wrs.mcboo.com
- DNS ASK zi#f.pl
- ClassName: 'EDIT' WindowName: ''
- '%TEMP%\guqf296\clonedvd 2.9.1.2.exe'
- '%TEMP%\guqf296\subst.exe' -ppl552bbas3
- '%TEMP%\guqf296\wr.exe'
- '%TEMP%\guqf296\rm.exe'
- '%TEMP%\guqf296\vh.exe'
- '%WINDIR%\syswow64\cmd.exe' /c %TEMP%\removalfile.bat "%TEMP%\GUQF296\rm.exe"' (with hidden window)
- '%WINDIR%\syswow64\rundll32.exe' Вё,Activate
- '%WINDIR%\syswow64\cmd.exe' /c %TEMP%\removalfile.bat "%TEMP%\GUQF296\rm.exe"