Technical Information
- <Current directory>\$ms_upd$\svchost.exe
- %TEMP%\{kb-e69e-47df-9aa6-f062fadd6146}\kb950762.sys
- %TEMP%\{kb-e69e-47df-9aa6-f062fadd6146}\tmp.pic.tmp
- %TEMP%\{kb-e69e-47df-9aa6-f062fadd6146}\kb950766.sys
- %TEMP%\{kb-e69e-47df-9aa6-f062fadd6146}\kb960100.sys
- %TEMP%\{kb-e69e-47df-9aa6-f062fadd6146}\kb960200.sys
- 'localhost':21
- http://vi######rver2011.narod.ru/qpqxpgrphdn.3220684800.ifscrnwnted
- http://vi######rver2011.narod.ru/qpqxpgrphdn.3220684800.ifscrnwait
- http://vi######rver2011.narod.ru/qpqxpgrphdn.3220684800.command
- http://vi######rver2011.narod.ru/qpqxpgrphdn.3220684800.folderwanted
- http://vi######rver2011.narod.ru/qpqxpgrphdn.3220684800.fileuploadfolder
- http://vi######rver2011.narod.ru/qpqxpgrphdn.3220684800.filedownloadfolder
- DNS ASK vi######rver2011.narod.ru
- DNS ASK ft#.#arod.ru
- '<Current directory>\$ms_upd$\svchost.exe'
- '<SYSTEM32>\cmd.exe' /c attrib %WINDIR%\$MS_UPD$ +h (with hidden window)
- '<Current directory>\$ms_upd$\svchost.exe' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c attrib %WINDIR%\$MS_UPD$ +h
- '<SYSTEM32>\attrib.exe' %WINDIR%\$MS_UPD$ +h