Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\windowsmanagementservice] 'ImagePath' = '<LS_APPDATA>\ykczba\ct.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\windowsmanagementservice] 'Start' = '00000002'
- '<LS_APPDATA>\ykczba\ct.exe'
- '<LS_APPDATA>\ykczba\ct.exe' -install
- '<LS_APPDATA>\report' -install
- %TEMP%\2.tmp
- <LS_APPDATA>\homepageoptimizer\homepageoptimizer.exe
- %HOMEPATH%\Desktop\homepageoptimizer.lnk
- <LS_APPDATA>\ykczba\ct.exe
- %TEMP%\1.tmp
- <LS_APPDATA>\report
- <LS_APPDATA>\ykczba\temp
- %TEMP%\2.tmp
- <LS_APPDATA>\ykczba\temp
- %TEMP%\1.tmp
- '17#.#92.28.166':80
- 'www.tt##b.com':80
- http://www.tt##b.com/report?s=###################
- http://17#.#92.28.166/interface/getFile?A9##############################################################################
- http://www.tt##b.com/report?s=###########
- DNS ASK www.tt##b.com