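Technical Information
Note: paths and names below are reproduced as given, including the "configration" spelling, and the host in the URLs and DNS entries is partially masked with "#". The order_*.vbs and tik_*.txt names appear to be randomly generated, and the same script name shows up in different letter case in the file list and in the wscript.exe command lines (e.g. order_gt.vbs / order_GT.vbs), so detection should match the pattern case-insensitively rather than exact names.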
- %APPDATA%\microsoft\windows\start menu\programs\startup\pre-setting 412aqlxl.lnk
- C:\configration\sign231.txt
- C:\configration\buej\tik_elxwux.txt
- %TEMP%\order_gt.vbs
- C:\configration\buej\tik_wrulkz.txt
- %TEMP%\order_rbnغ.vbs
- C:\configration\buej\tik_zslyyq.txt
- %TEMP%\order_efуa.vbs
- C:\configration\buej\tik_nhvnvujh.txt
- %TEMP%\order_ىуحил.vbs
- C:\configration\buej\tik_vpymd.txt
- %TEMP%\order_pp.vbs
- C:\configration\buej\tik_lgrznf.txt
- %TEMP%\order_wئح.vbs
- C:\configration\buej\tik_izfw.txt
- C:\configration\buej\tik_uruqemztl.txt
- %TEMP%\order_ؤzا.vbs
- %TEMP%\order_نحssp.vbs
- C:\configration\buej\tik_egho.txt
- %TEMP%\order_رяث.vbs
- C:\configration\buej\tik_icldgygfe.txt
- %TEMP%\order_еشгك.vbs
- C:\configration\buej\tik_nvqibu.txt
- %TEMP%\order_شкغ.vbs
- C:\configration\buej\tik_kbsrha.txt
- %TEMP%\order_лнl.vbs
- C:\configration\buej\tik_eifmww.txt
- %TEMP%\order_طf.vbs
- C:\configration\buej\tik_bwjuciobl.txt
- %TEMP%\order_игoмx.vbs
- %TEMP%\order_ишمл.vbs
- C:\configration\buej\tik_tlaxaqhfn.txt
- %TEMP%\order_сeتc.vbs
- %TEMP%\order_ъsةنp.vbs
- C:\configration\buej\tik_onajcp.txt
- %TEMP%\order_wwhъ.vbs
- C:\configration\buej\tik_nmjyywr.txt
- %TEMP%\order_tуz.vbs
- C:\configration\buej\tik_wsr.txt
- %TEMP%\order_fд.vbs
- C:\configration\buej\tik_xwfyaiy.txt
- %TEMP%\order_jяiшo.vbs
- C:\configration\buej\tik_llrq.txt
- %TEMP%\order_سгكh.vbs
- C:\configration\buej\tik_wghrd.txt
- %TEMP%\order_فмhk.vbs
- C:\configration\buej\tik_qfm.txt
- %TEMP%\order_ll.vbs
- C:\configration\buej\tik_xqwhrcuf.txt
- %TEMP%\order_dлteiد.vbs
- C:\configration\buej\tik_yzzayk.txt
- %TEMP%\order_bщep.vbs
- C:\configration\buej\tik_vbxtiitgm.txt
- %TEMP%\order_لятيbы.vbs
- C:\configration\buej\tik_fds.txt
- %TEMP%\order_خfс.vbs
- C:\configration\buej\tik_gqeccy.txt
- %TEMP%\order_нzئr.vbs
- C:\configration\buej\tik_wuky.txt
- %TEMP%\order_خxا.vbs
- C:\configration\buej\tik_svhjero.txt
- %TEMP%\order_lخىbوك.vbs
- C:\configration\buej\tik_olznsy.txt
- C:\configration\buej\tik_qersjxdvx.txt
- %TEMP%\order_زمiщ.vbs
- C:\configration\buej\tik_nuugyhcbr.txt
- %TEMP%\order_شصث.vbs
- %TEMP%\order_hمخلx.vbs
- C:\configration\buej\tik_nwcvqfjut.txt
- %TEMP%\order_mزяlk.vbs
- C:\configration\buej\tik_bdzywi.txt
- %TEMP%\order_شعe.vbs
- C:\configration\buej\tik_gsqthctff.txt
- %TEMP%\order_ؤpوbz.vbs
- C:\configration\buej\tik_ukxxu.txt
- %TEMP%\order_uwخ.vbs
- C:\configration\buej\tik_oslkmxdy.txt
- %TEMP%\order_oشdvذj.vbs
- C:\configration\buej\tik_dcfmsy.txt
- %TEMP%\order_fв.vbs
- C:\configration\buej\tik_rlcdqfidt.txt
- C:\configration\buej\tik_jhjbmy.txt
- C:\configration\buej\tik_nbwi.txt
- %TEMP%\order_пسа.vbs
- C:\configration\buej\tik_ynqqvqbfh.txt
- %TEMP%\order_оuحь.vbs
- C:\configration\buej\tik_unrq.txt
- %TEMP%\order_فؤg.vbs
- C:\configration\buej\tik_xrsslpq.txt
- C:\configration\buej\ref.txt
- %TEMP%\order_qeщv.vbs
- C:\configration\buej\tik_gmy.txt
- %TEMP%\order_bь.vbs
- C:\configration\buej\dwn_jlcodc.exe
- C:\configration\buej\wbs.txt
- C:\configration\wbs.txt
- C:\configration\buej\tik_nerptp.txt
- C:\configration\buej\tik_juf.txt
- %TEMP%\order_зرя.vbs
- C:\configration\buej\tik_frgzg.txt
- %TEMP%\order_kb.vbs
- C:\configration\buej\tik_vxf.txt
- %TEMP%\order_كsgj.vbs
- C:\configration\buej\tik_nolryrheu.txt
- %TEMP%\order_زлyt.vbs
- C:\configration\buej\tik_pxsg.txt
- %TEMP%\order_mа.vbs
- C:\configration\buej\tik_ijjiko.txt
- %TEMP%\order_cخу.vbs
- C:\configration\buej\tik_sudu.txt
- %TEMP%\order_شзax.vbs
- C:\configration\buej\tik_coxlmftv.txt
- %TEMP%\order_хsزзf.vbs
- C:\configration\buej\tik_eiod.txt
- %TEMP%\order_iыs.vbs
- C:\configration\buej\tik_eochsn.txt
- %TEMP%\order_вnш.vbs
- C:\configration\buej\tik_yaptk.txt
- %TEMP%\order_ظу.vbs
- C:\configration\buej\tik_sodaz.txt
- %TEMP%\order_iعhد.vbs
- C:\configration\buej\tik_qtvevw.txt
- %TEMP%\order_lت.vbs
- C:\configration\buej\tik_clivebj.txt
- %TEMP%\order_يoق.vbs
- C:\configration\buej\tik_rrro.txt
- %TEMP%\order_eиئب.vbs
- C:\configration\buej\tik_snsdhjtn.txt
- %TEMP%\order_ذpjntz.vbs
- %TEMP%\order_يت.vbs
- %TEMP%\order_qqgй.vbs
- C:\configration\buej\tik_gmy.txt
- C:\configration\buej\tik_llrq.txt
- C:\configration\buej\tik_qfm.txt
- C:\configration\buej\tik_yzzayk.txt
- C:\configration\buej\tik_fds.txt
- C:\configration\buej\tik_wuky.txt
- C:\configration\buej\tik_juf.txt
- C:\configration\buej\tik_elxwux.txt
- C:\configration\buej\tik_zslyyq.txt
- C:\configration\buej\tik_vpymd.txt
- C:\configration\buej\tik_izfw.txt
- C:\configration\buej\tik_egho.txt
- C:\configration\buej\tik_nvqibu.txt
- C:\configration\buej\tik_eifmww.txt
- C:\configration\buej\tik_olznsy.txt
- C:\configration\buej\tik_vxf.txt
- C:\configration\buej\tik_pxsg.txt
- C:\configration\buej\tik_sudu.txt
- C:\configration\buej\tik_eiod.txt
- C:\configration\buej\tik_yaptk.txt
- C:\configration\buej\tik_qtvevw.txt
- C:\configration\buej\tik_rrro.txt
- C:\configration\buej\tik_frgzg.txt
- C:\configration\buej\tik_nbwi.txt
- C:\configration\buej\tik_bdzywi.txt
- C:\configration\buej\tik_ukxxu.txt
- C:\configration\buej\tik_dcfmsy.txt
- C:\configration\buej\tik_jhjbmy.txt
- C:\configration\buej\ref.txt
- C:\configration\buej\tik_unrq.txt
- C:\configration\buej\tik_wsr.txt
- C:\configration\buej\tik_onajcp.txt
- from C:\configration\buej\dwn_jlcodc.exe to C:\configration\buej\dwn_ps.exe
- C:\configration\buej\ref.txt
- http://pa###bin.com/download.php?i=########
- http://pa###bin.com/download/DDD0rAXN
- DNS ASK google.com
- DNS ASK pa###bin.com
- 'C:\configration\buej\dwn_jlcodc.exe'
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_лнl.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_شкغ.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_еشгك.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_رяث.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_نحSsp.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_ишمл.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_wئح.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_PP.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_ىуحил.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_eFуa.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_rBNغ.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_GT.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_ؤZا.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_QqGй.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_сeتc.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_خxا.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_нzئR.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_خFс.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_لятيbы.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_bщeP.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_Dлteiد.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_lL.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_فмhK.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_سгكh.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_Jяiшo.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_fд.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_tуz.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_wWhъ.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_игOмx.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_طF.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_زمiщ.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_شصث.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_كsGj.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_bь.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_QeщV.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_فؤG.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_оuحь.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_пسа.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_hمخلX.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_Fв.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_OشDvذJ.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_uwخ.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_ؤpوbz.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_شعe.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_MزяLK.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_ъsةنP.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_Kb.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_LخىBوك.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_يت.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_Mа.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_cخу.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_شзaX.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_хsزзf.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_зرя.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_Iыs.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_ظу.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_iعhد.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_lت.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_يOق.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_eиئب.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_ذpJNTz.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_вNш.vbs"
- 'C:\configration\buej\dwn_ps.exe'
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_زлYT.vbs"
- '<SYSTEM32>\ping.exe' -n 1 www.google.com (with hidden window)
- '<SYSTEM32>\ping.exe' -n 1 www.google.com
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_aطلسس.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_jo.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_йسكфя.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_aw.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_OгضI.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_Hеغو.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_OdJ.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_ыqE.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_بشoسط.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_аTXQ.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_ئьz.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_Fяzz.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_jصL.vbs"