Technical Information
- '%TEMP%\taskmgr.exe'
- '%ALLUSERSPROFILE%\Application Data\update.exe'
- '%ALLUSERSPROFILE%\Application Data\update.exe' (downloaded from the Internet)
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\taskmgr.exe" "taskmgr.exe" ENABLE
- %TEMP%\taskmgr.exe
- %ALLUSERSPROFILE%\Application Data\update.exe
- %ALLUSERSPROFILE%\Application Data\update.exe
- from %TEMP%\taskmgr.exe to %TEMP%\tmpG859.tmp
- 'na####ot.ddns.net':1111
- 'la###time.ru':80
- 'wp#d':80
- http://la###time.ru/data/update.exe
- http://11#.#11.111.1/wpad.dat via wp#d
- DNS ASK na####ot.ddns.net
- DNS ASK la###time.ru
- DNS ASK wp#d