Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\_fctydn7_.lnk
- <SYSTEM32>\tasks\_fctydn7_
- C:\users\public\_fctydn7_\_fctydn7_.zip
- C:\users\public\_fctydn7_\exe.png
- C:\users\public\_fctydn7_\sql.png
- C:\users\public\_fctydn7_\libeay32.dll
- C:\users\public\_fctydn7_\ssleay32.dll
- C:\users\public\_fctydn7_\12.dll
- C:\users\public\c.lnk
- C:\users\public\i.dat
- C:\users\public\_fctydn7_\_fctydn7_1.lns
- %LOCALAPPDATA%\microsoft\forms\frmdata64.dat
- %TEMP%\outlook logging\firstrun.log
- %WINDIR%\inf\outlook\outlperf.h
- %WINDIR%\inf\outlook\0009\outlperf.ini
- from C:\users\public\_fctydn7_\exe.png to C:\users\public\_fctydn7_\_fctydn7_.exe
- from C:\users\public\_fctydn7_\12.dll to C:\users\public\_fctydn7_\_fctydn7_.lns
- from C:\users\public\_fctydn7_\sql.png to C:\users\public\_fctydn7_\sqlite3.dll
- http://ma###.hopto.org/mx/S3P0H8B8Z3g2I9YNhZl/kk/index.php
- http://ma###.hopto.org/mx/S3P0H8B8Z3g2I9YNhZlMD/kk/md.zip
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- DNS ASK ma###.hopto.org
- DNS ASK microsoft.com
- ClassName: 'mspim_wnd32' WindowName: 'Microsoft Outlook'
- ClassName: 'rencat' WindowName: ''
- '%ProgramFiles%\microsoft office\office14\outlook.exe' -Embedding