Technical Information
- %TEMP%\5f560318-ea66-b4b2-653a-9cb3ff536d9a
- %APPDATA%\WTFLWR\aAAAAA.xml
- %APPDATA%\WTFLWR\WTFLWR.exe
- %APPDATA%\WTFLWR\aAAAAA.xml
- 'sm##.yandex.com':587
- 'bo#.####ismyipaddress.com':80
- 'wp#d':80
- http://bo#.####ismyipaddress.com/
- http://11#.#11.111.1/wpad.dat via wp#d
- DNS ASK sm##.yandex.com
- DNS ASK bo#.####ismyipaddress.com
- DNS ASK wp#d
- '<Full path to file>'
- '<SYSTEM32>\schtasks.exe' /Create /TN "WTFLWR\WTFLWR" /XML "%APPDATA%\WTFLWR\aAAAAA.xml"