Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Win32Svc' = '<Full path to file>'
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1304
- '<SYSTEM32>\schtasks.exe' /create /sc minute /mo 1 /tn "Dec%USERNAME%" /tr "<Full path to file>"
- %TEMP%\47357.dmp
- %TEMP%\dw.log
- 've###spaned.pw':2817
- 'ws###atehq.pw':2817
- 'an###nter.pw':2817
- 'ms##idll.pw':2817
- 'wp#d':80
- 'ip##pi.com':80
- '18#.#1.138.63':2817
- http://ip##pi.com/line/
- http://11#.#11.111.1/wpad.dat via wp#d
- DNS ASK ve###spaned.pw
- DNS ASK ws###atehq.pw
- DNS ASK an###nter.pw
- DNS ASK wp#d
- DNS ASK ip##pi.com
- DNS ASK ms##idll.pw
- ClassName: 'Shell_TrayWnd' WindowName: ''