Technical Information
- %HOMEPATH%\Start Menu\Programs\Startup\<File name>.exe
- 'C:\psys2\UnRAR.exe' (downloaded from the Internet)
- 'C:\psys2\UnRAR.exe' x C:\psys2\psys.rar C:\psys2\main
- C:\psys2\UnRAR.exe
- C:\psys2\psys.rar
- 'th####toblog.xyz':80
- 'localhost':1037
- http://th####toblog.xyz/UnRAR.klp
- http://th####toblog.xyz/psys3.rar
- DNS ASK th####toblog.xyz
- ClassName: 'Shell_TrayWnd' WindowName: ''