Technical Information
- '%WINDIR%\explorer.exe' 2848 "%APPDATA%\Temp\svchost.exe"
- '<SYSTEM32>\notepad.exe'
- '<SYSTEM32>\cmd.exe' /C move /y "%TEMP%\nothing.lnk" "%HOMEPATH%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\utorrent.lnk"
- %WINDIR%\explorer.exe
- %TEMP%\0.pdf
- %TEMP%\iOWlZMamEJ.txt
- %TEMP%\nothing.lnk
- %APPDATA%\Temp\svchost.exe
- 'ne####.hopto.org':53912
- DNS ASK ne####.hopto.org