Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'd3a03b46250a3b28b490109cef354b3f' = '%ALLUSERSPROFILE%\Application Data\Important.exe'
- %ALLUSERSPROFILE%\Application Data\CRNJEUFU_8_16_7_2_1.jpg
- %ALLUSERSPROFILE%\Application Data\Important.exe
- 'ka###chie.com':80
- 'wp#d':80
- http://ka###chie.com/kb/kbpanel/post.php?ty##########################################################
- http://11#.#11.111.1/wpad.dat via wp#d
- DNS ASK ka###chie.com
- DNS ASK wp#d