Technical Information
- %TEMP%\7zipsfx.000\temp.txt
- %TEMP%\7zipsfx.000\fat32.sys
- %TEMP%\7zipsfx.000\setup64.exe
- %TEMP%\7zipsfx.000\txupd.exe
- %TEMP%\7zipsfx.000\fat32.dll
- %TEMP%\7zipsfx.000\windnsapi.dll
- %ALLUSERSPROFILE%\compatible
- %TEMP%\7zipsfx.000\fat32.dll
- %TEMP%\7zipsfx.000\fat32.sys
- %TEMP%\7zipsfx.000\temp.txt
- %TEMP%\7zipsfx.000\txupd.exe
- %TEMP%\7zipsfx.000\windnsapi.dll
- from %TEMP%\7zipsfx.000\setup64.exe to %ALLUSERSPROFILE%\setup64.exe
- 'ba##u.com':80
- '36#.cn':80
- http://www.ba##u.com/
- DNS ASK ba##u.com
- DNS ASK 36#.cn
- '%TEMP%\7zipsfx.000\txupd.exe'
- '%ALLUSERSPROFILE%\setup64.exe'
- '%WINDIR%\syswow64\cmd.exe' /c del %TEMP%\7ZipSfx.000\txupd.exe > nul (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\7ZSfx000.cmd" " (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del %TEMP%\7ZipSfx.000\txupd.exe > nul
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\7ZSfx000.cmd" "