Technical Information
- '%WINDIR%\syswow64\taskkill.exe' /f /im 10d587.tmp.exe
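- ClassName: 'Regmonclass', WindowName: '' (window class of the Sysinternals Regmon registry monitor; a lookup for it is a check for analysis tooling)
- ClassName: 'Filemonclass', WindowName: '' (window class of the Sysinternals Filemon file-system monitor)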
- %TEMP%\10d587path\10d587.tmp.exe
- %TEMP%\10d587path\mspage.dll
- nul
- %TEMP%\10d587path\change.dll
- %TEMP%\xgwu0gsjbqmsok7i4z__10d587.tmp.dll
- %TEMP%\10d587path\10d587.tmp.exe
- %TEMP%\10d587path\change.dll
- 'ir###.f3322.org':80
- 'ge####ata.wicp.net':80
- DNS ASK ir###.f3322.org
- DNS ASK ge####ata.wicp.net
- ClassName: '4823-00000029' WindowName: ''
- ClassName: '18467-41' WindowName: ''
- ClassName: '' WindowName: ''
- '%TEMP%\10d587path\10d587.tmp.exe'
- '%TEMP%\10d587path\10d587.tmp.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /C ping -n 7 127.1>nul&taskkill /f /im 10d587.tmp.exe&ping -n 2 127.1>nul&del /f /q "%TEMP%\10d587Path\10d587.tmp.exe"&del /f /q "%TEMP%\10d587Path\Change.dll" (with hidden window; the ping calls act as delays before the sample's process is killed and its dropped files are deleted)
- '%WINDIR%\syswow64\cmd.exe' /C ping -n 7 127.1>nul&taskkill /f /im 10d587.tmp.exe&ping -n 2 127.1>nul&del /f /q "%TEMP%\10d587Path\10d587.tmp.exe"&del /f /q "%TEMP%\10d587Path\Change.dll"
- '%WINDIR%\syswow64\ping.exe' -n 7 127.1
- '%WINDIR%\syswow64\ping.exe' -n 2 127.1