Technical Information
- '<SYSTEM32>\taskkill.exe' /f /im notepad.exe
- <Current directory>\Recycle Bin\notepad.exe
- <Current directory>\Recycle Bin\FM20.DLL
- <Current directory>\Recycle Bin\FM20ENU.DLL
- <Current directory>\Recycle Bin\FM20.oca
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\sever[1].php
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\U98D4X8H\14.0[1].php
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\2VAZY7AN\sever[1].php
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\YPORKZYZ\time[1].php
- <DRIVERS>\etc\hosts
- 'localhost':1038
- 'fr##.#ackrules.com':80
- 'fa##.##tolienminh.com':80
- http://fr##.#ackrules.com/ros/sever.php
- http://fr##.#ackrules.com/ros/14.0.php
- http://fa##.##tolienminh.com/ros/sever.php
- http://fr##.#ackrules.com/ros/time.php
- DNS query: fr##.#ackrules.com
- DNS query: fa##.##tolienminh.com
- ClassName: 'EDIT' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
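- '<Current directory>\Recycle Bin\notepad.exe' (same path as the notepad.exe entry listed above: a folder named "Recycle Bin" under the current directory, not the Windows system directory where the genuine notepad.exe resides)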
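- '<SYSTEM32>\rundll32.exe' InetCpl.cpl,ClearMyTracksByProcess 8 (flag 8 clears Temporary Internet Files, so the cached .php responses listed under Content.IE5 above may no longer be on disk)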