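Technical Information
Note: the group headings for the lists below are missing from this copy, so the role of each entry (for example, whether a file was created, moved or deleted) is not stated. Entries that repeat, such as regsvcs.exe and rpvrskeofd.exe, presumably belonged to different groups. The entries take four recognizable forms: process and module names, file paths under %TEMP%\7_63, one window class, and quoted command lines. The file names under %TEMP%\7_63 look randomly generated and may differ between samples. The command lines at the end of the list (wscript.exe running a .vbe file from %TEMP%, regsvcs.exe, netsh.exe, and a cmd.exe del of RegSvcs.exe) are probably the more stable indicators to match on.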
- %WINDIR%\explorer.exe
- iexplore.exe
- iexplore.exe process, wininet.dll module
- firefox.exe process, nss3.dll module
- %WINDIR%\microsoft.net\framework\v4.0.30319\regsvcs.exe
- %TEMP%\7_63\ubrce.gge
- %TEMP%\7_63\tblcusfuuw.docx
- %TEMP%\7_63\urrerivkpo.docx
- %TEMP%\7_63\vjprjriq.ico
- %TEMP%\7_63\duiu.msc
- %TEMP%\7_63\tjtcc.ppt
- %TEMP%\7_63\ghxccgmars.pdf
- %TEMP%\7_63\attucvf.bmp
- %TEMP%\7_63\dsljgcv.icm
- %TEMP%\7_63\havggupigl.ini
- %TEMP%\7_63\ompw.exe
- %TEMP%\7_63\xqejs.ini
- %TEMP%\7_63\netnfh.pdf
- %TEMP%\7_63\gkcpk.icm
- %TEMP%\7_63\tjlaee.cpl
- %TEMP%\7_63\jhvwxas.mp3
- %TEMP%\7_63\rpvrskeofd.exe
- %TEMP%\7_63\ulvlicmcxk.vbe
- %TEMP%\7_63\sopjge.daw
- %TEMP%\7_63\dojcuiu.pdf
- %TEMP%\7_63\cmwlqnwuuf.jpg
- %HOMEPATH%\temp\dojcuiu.pdf
- %TEMP%\7_63\rpvrskeofd.exe
- %WINDIR%\microsoft.net\framework\v4.0.30319\regsvcs.exe
- ClassName: 'EDIT' WindowName: ''
- '%WINDIR%\syswow64\wscript.exe' "%TEMP%\7_63\ulvlicmcxk.vbe"
- '%TEMP%\7_63\rpvrskeofd.exe' sopjge.daw
- '%WINDIR%\microsoft.net\framework\v4.0.30319\regsvcs.exe'
- '%WINDIR%\syswow64\netsh.exe'
- '%WINDIR%\syswow64\cmd.exe' del "%WINDIR%\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"