Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'Temp rundll32' = '%TEMP%\rundll32.exe'
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'Explorer' = '%APPDATA%\explorer.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'Windows' = '%APPDATA%\windows.exe'
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'Windows' = '%APPDATA%\windows.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows' = '%APPDATA%\windows.exe'
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows' = '%APPDATA%\windows.exe'
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'Windows' = '%APPDATA%\windows.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'Microsoft rundll32' = '%APPDATA%\Microsoft\rundll32.exe'
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'Microsoft rundll32' = '%APPDATA%\Microsoft\rundll32.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Microsoft rundll32' = '%APPDATA%\Microsoft\rundll32.exe'
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run] 'Microsoft rundll32' = '%APPDATA%\Microsoft\rundll32.exe'
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'Microsoft rundll32' = '%APPDATA%\Microsoft\rundll32.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'Microsoft Explorer' = '%APPDATA%\Microsoft\explorer.exe'
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'Microsoft Explorer' = '%APPDATA%\Microsoft\explorer.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Microsoft Explorer' = '%APPDATA%\Microsoft\explorer.exe'
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run] 'Microsoft Explorer' = '%APPDATA%\Microsoft\explorer.exe'
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'Microsoft Explorer' = '%APPDATA%\Microsoft\explorer.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'Microsoft Windows' = '%APPDATA%\Microsoft\windows.exe'
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'Microsoft Windows' = '%APPDATA%\Microsoft\windows.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Microsoft Windows' = '%APPDATA%\Microsoft\windows.exe'
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run] 'Explorer' = '%APPDATA%\explorer.exe'
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run] 'Microsoft Windows' = '%APPDATA%\Microsoft\windows.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Explorer' = '%APPDATA%\explorer.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'Explorer' = '%APPDATA%\explorer.exe'
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'Temp rundll32' = '%TEMP%\rundll32.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Temp rundll32' = '%TEMP%\rundll32.exe'
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run] 'Temp rundll32' = '%TEMP%\rundll32.exe'
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'Temp rundll32' = '%TEMP%\rundll32.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'Temp Explorer' = '%TEMP%\explorer.exe'
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'Temp Explorer' = '%TEMP%\explorer.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Temp Explorer' = '%TEMP%\explorer.exe'
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run] 'Temp Explorer' = '%TEMP%\explorer.exe'
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'Temp Explorer' = '%TEMP%\explorer.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'Temp Windows' = '%TEMP%\windows.exe'
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'Temp Windows' = '%TEMP%\windows.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Temp Windows' = '%TEMP%\windows.exe'
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run] 'Temp Windows' = '%TEMP%\windows.exe'
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'Temp Windows' = '%TEMP%\windows.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'rundll32' = '%APPDATA%\rundll32.exe'
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'rundll32' = '%APPDATA%\rundll32.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'rundll32' = '%APPDATA%\rundll32.exe'
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run] 'rundll32' = '%APPDATA%\rundll32.exe'
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'rundll32' = '%APPDATA%\rundll32.exe'
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'Explorer' = '%APPDATA%\explorer.exe'
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'Microsoft Windows' = '%APPDATA%\Microsoft\windows.exe'
- %TEMP%\msnmessengerapi.dll
- %TEMP%\rundll32.exe
- %TEMP%\explorer.exe
- %TEMP%\windows.exe
- %APPDATA%\msnmessengerapi.dll
- %APPDATA%\rundll32.exe
- %APPDATA%\explorer.exe
- %APPDATA%\windows.exe
- %APPDATA%\microsoft\msnmessengerapi.dll
- %APPDATA%\microsoft\rundll32.exe
- %APPDATA%\microsoft\explorer.exe
- %APPDATA%\microsoft\windows.exe
- %TEMP%\msnmessengerapi.dll
- %TEMP%\rundll32.exe
- %TEMP%\explorer.exe
- %TEMP%\windows.exe
- %APPDATA%\msnmessengerapi.dll
- %APPDATA%\rundll32.exe
- %APPDATA%\explorer.exe
- %APPDATA%\windows.exe
- %APPDATA%\microsoft\msnmessengerapi.dll
- %APPDATA%\microsoft\rundll32.exe
- %APPDATA%\microsoft\explorer.exe
- %APPDATA%\microsoft\windows.exe
- '88.##8.223.26':1337
- '%APPDATA%\microsoft\windows.exe' new
- '%APPDATA%\rundll32.exe' new
- '%APPDATA%\windows.exe' new
- '%TEMP%\windows.exe' new
- '%APPDATA%\microsoft\rundll32.exe' new
- '%TEMP%\explorer.exe' new
- '%APPDATA%\explorer.exe' new
- '%TEMP%\rundll32.exe' new
- '%APPDATA%\microsoft\explorer.exe' new
- '<SYSTEM32>\cmd.exe' /c attrib +r +s +h +i "%APPDATA%\Microsoft\rundll32.exe"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c attrib +r +s +h +i "%APPDATA%\Microsoft\explorer.exe"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c copy /y "<Full path to file>" "%APPDATA%\windows.exe"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c copy /y "<Full path to file>" "%APPDATA%\Microsoft\rundll32.exe"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c attrib +r +s +h +i "%APPDATA%\Microsoft\MSNMessengerAPI.dll"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c copy /y "<Full path to file>" "%APPDATA%\Microsoft\windows.exe"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c attrib +r +s +h +i "%APPDATA%\explorer.exe"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c copy /y "<Full path to file>" "%APPDATA%\Microsoft\explorer.exe"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c copy /y "<Full path to file>" "%APPDATA%\explorer.exe"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c copy /y "<Full path to file>" "%TEMP%\windows.exe"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c attrib +r +s +h +i "%APPDATA%\rundll32.exe"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c attrib +r +s +h +i "%APPDATA%\MSNMessengerAPI.dll"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c attrib +r +s +h +i "%TEMP%\windows.exe"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c attrib +r +s +h +i "%APPDATA%\Microsoft\windows.exe"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c attrib +r +s +h +i "%TEMP%\explorer.exe"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c copy /y "<Full path to file>" "%TEMP%\explorer.exe"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c attrib +r +s +h +i "%TEMP%\rundll32.exe"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c copy /y "<Full path to file>" "%TEMP%\rundll32.exe"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c copy /y "<Full path to file>" "%APPDATA%\rundll32.exe"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c attrib +r +s +h +i "%APPDATA%\windows.exe"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c attrib +r +s +h +i "%TEMP%\MSNMessengerAPI.dll"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c attrib +r +s +h +i "%TEMP%\MSNMessengerAPI.dll"
- '<SYSTEM32>\cmd.exe' /c copy /y "<Full path to file>" "%APPDATA%\Microsoft\windows.exe"
- '<SYSTEM32>\attrib.exe' +r +s +h +i "%APPDATA%\Microsoft\explorer.exe"
- '<SYSTEM32>\cmd.exe' /c attrib +r +s +h +i "%APPDATA%\Microsoft\explorer.exe"
- '<SYSTEM32>\cmd.exe' /c copy /y "<Full path to file>" "%APPDATA%\Microsoft\explorer.exe"
- '<SYSTEM32>\attrib.exe' +r +s +h +i "%APPDATA%\Microsoft\rundll32.exe"
- '<SYSTEM32>\cmd.exe' /c attrib +r +s +h +i "%APPDATA%\Microsoft\rundll32.exe"
- '<SYSTEM32>\cmd.exe' /c copy /y "<Full path to file>" "%APPDATA%\Microsoft\rundll32.exe"
- '<SYSTEM32>\attrib.exe' +r +s +h +i "%APPDATA%\Microsoft\MSNMessengerAPI.dll"
- '<SYSTEM32>\cmd.exe' /c attrib +r +s +h +i "%APPDATA%\Microsoft\MSNMessengerAPI.dll"
- '<SYSTEM32>\attrib.exe' +r +s +h +i "%APPDATA%\windows.exe"
- '<SYSTEM32>\cmd.exe' /c attrib +r +s +h +i "%APPDATA%\windows.exe"
- '<SYSTEM32>\cmd.exe' /c copy /y "<Full path to file>" "%APPDATA%\windows.exe"
- '<SYSTEM32>\attrib.exe' +r +s +h +i "%APPDATA%\explorer.exe"
- '<SYSTEM32>\cmd.exe' /c attrib +r +s +h +i "%APPDATA%\explorer.exe"
- '<SYSTEM32>\cmd.exe' /c attrib +r +s +h +i "%APPDATA%\Microsoft\windows.exe"
- '<SYSTEM32>\cmd.exe' /c copy /y "<Full path to file>" "%APPDATA%\explorer.exe"
- '<SYSTEM32>\cmd.exe' /c attrib +r +s +h +i "%APPDATA%\rundll32.exe"
- '<SYSTEM32>\cmd.exe' /c copy /y "<Full path to file>" "%APPDATA%\rundll32.exe"
- '<SYSTEM32>\attrib.exe' +r +s +h +i "%APPDATA%\MSNMessengerAPI.dll"
- '<SYSTEM32>\cmd.exe' /c attrib +r +s +h +i "%APPDATA%\MSNMessengerAPI.dll"
- '<SYSTEM32>\attrib.exe' +r +s +h +i "%TEMP%\windows.exe"
- '<SYSTEM32>\cmd.exe' /c attrib +r +s +h +i "%TEMP%\windows.exe"
- '<SYSTEM32>\cmd.exe' /c copy /y "<Full path to file>" "%TEMP%\windows.exe"
- '<SYSTEM32>\attrib.exe' +r +s +h +i "%TEMP%\explorer.exe"
- '<SYSTEM32>\cmd.exe' /c attrib +r +s +h +i "%TEMP%\explorer.exe"
- '<SYSTEM32>\cmd.exe' /c copy /y "<Full path to file>" "%TEMP%\explorer.exe"
- '<SYSTEM32>\attrib.exe' +r +s +h +i "%TEMP%\rundll32.exe"
- '<SYSTEM32>\cmd.exe' /c attrib +r +s +h +i "%TEMP%\rundll32.exe"
- '<SYSTEM32>\cmd.exe' /c copy /y "<Full path to file>" "%TEMP%\rundll32.exe"
- '<SYSTEM32>\attrib.exe' +r +s +h +i "%TEMP%\MSNMessengerAPI.dll"
- '<SYSTEM32>\attrib.exe' +r +s +h +i "%APPDATA%\rundll32.exe"
- '<SYSTEM32>\attrib.exe' +r +s +h +i "%APPDATA%\Microsoft\windows.exe"