Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\INJ1.tmp' = '%TEMP%\INJ1.tmp:*:enabled:@shell32.dll,-1'
- '%TEMP%\INJ1.tmp'
- %WINDIR%\Explorer.EXE
- %TEMP%\INJ1.tmp
- 'yo####ile.download':80
- http://yo####ile.download/go.php?a_#######################################
- DNS ASK yo####ile.download