Technical Information
- <SYSTEM32>\svchost.exe
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\2VAZY7AN\c[1].php
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\1[1].gif
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\U98D4X8H\1[1].gif
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\U98D4X8H\c[1].php
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\2VAZY7AN\m[1].php
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\YPORKZYZ\m[1].php
- <Full path to file>
- 'ap#.ae93.pw':80
- http://ap#.ae93.pw/1.gif
- http://ap#.ae93.pw/m.php?md##########################################################
- http://ap#.ae93.pw/c.php?md###############################
- DNS ASK ap#.ae93.pw
- '<SYSTEM32>\cmd.exe' /c ipconfig /all
- '<SYSTEM32>\ipconfig.exe' /all
- '<SYSTEM32>\ping.exe' 127.0.0.1 -n 5
- '<SYSTEM32>\svchost.exe'
- '<SYSTEM32>\cmd.exe' /c ping 127.0.0.1 -n 5 >nul&del/f/s/q "<Full path to file>"