Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'sat' = '<Full path to file>'
- '%TEMP%\other.vbs'
- '%TEMP%\other.exe'
- '%TEMP%\other.vbs' (downloaded from the Internet)
- '%TEMP%\other.exe' (downloaded from the Internet)
- '<SYSTEM32>\cscript.exe' "%TEMP%\\other.vbs"
- '<SYSTEM32>\cmd.exe' /C CScript "%temp%\\other.vbs"
- %TEMP%\other.vbs
- %TEMP%\other.exe
- 'f2###.myq-see.com':80
- 'wp#d':80
- http://f2###.myq-see.com/download/other/server.exe
- http://f2###.myq-see.com/download/other/server.vbs
- http://11#.#11.111.1/wpad.dat via wp#d
- http://f2###.myq-see.com/
- DNS ASK f2###.myq-see.com
- DNS ASK wp#d