Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'wko1fz33x4' = '"%APPDATA%\wko1fz33x4.exe"'
- %HOMEPATH%\Start Menu\Programs\Startup\wko1fz33x4.vbs
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe' "%APPDATA%\wko1fz33x4.exe" bpW7xmdCt7 nUcFWR2FIz
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe' "<Full path to file>"
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
- %APPDATA%\wko1fz33x4.exe
- 'mo##re40.tk':80
- 'my####rnalip.com':80
- 'wp#d':80
- http://my####rnalip.com/raw
- http://11#.#11.111.1/wpad.dat via wp#d
- http://mo##re40.tk/gate.php
- DNS ASK mo##re40.tk
- DNS ASK my####rnalip.com
- DNS ASK wp#d
- ClassName: 'Shell_TrayWnd' WindowName: ''