Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'MalwareBot' = '<Current directory>\MalwareBot.exe -boot'
- %WINDIR%\Tasks\MalwareBot Scheduled Scan.job
- %TEMP%\~DF8359.tmp
- %APPDATA%\MalwareBot\Log\2017 Oct 04 - 07_47_03 PM_875.log
- 'sp#####db3.2squared.com':80
- http://sp#####db3.2squared.com/update/info
- DNS ASK sp#####db3.2squared.com