Technical Information
- 'ae####online.com':80
- DNS ASK ae####online.com
- '%WINDIR%\syswow64\cmd.exe' /c del <Full path to file> > nul' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del <Full path to file> > nul