Technical Information
- '<SYSTEM32>\cmd.exe' /C rd /s /q %temp%
- '%APPDATA%\Chrono_cauRI2\Chrono_cWzYcW.exe'
- %APPDATA%\Chrono_cauRI2\Chrono_cWzYcW.exe
- 'eg#####lay.p-host.in':80
- 'wp#d':80
- http://11#.#11.111.1/wpad.dat via wp#d
- http://eg#####lay.p-host.in/ns/gfiles.php
- DNS ASK eg#####lay.p-host.in
- DNS ASK wp#d