Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'dwtson' = '%TEMP%\Adobe32.exe'
- '%TEMP%\Adobe32.exe'
- '<SYSTEM32>\cmd.exe' /c %TEMP%\autoexe.bat
- '%WINDIR%\explorer.exe' "<Current directory>\<File name>"
- '<SYSTEM32>\cmd.exe' /c %TEMP%\autoexec.bat
- '<SYSTEM32>\cmd.exe' /c %TEMP%\autoexeca.bat
- %TEMP%\autoexeca.bat
- %TEMP%\autoexe.bat
- %TEMP%\YmailerMini.log
- %TEMP%\Adobe32.exe
- <Current directory>\<File name>\Џо•с‚Ж’ІЌёNO.104Ѓ@2014”N11ЊЋ.pdf
- %TEMP%\autoexec.bat
- '17#.#54.227.140':80
- 'wp#d':80
- http://11#.#11.111.1/wpad.dat via wp#d
- http://17#.#54.227.140/simple/index.html
- DNS ASK wp#d