Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'Wordpad' = '%CommonProgramFiles%\System\VLC_Update.exe'
- <Drive name for removable media>:\Movie\Naughty America.exe
- file extensions
- <SYSTEM32>\cmd.exe
- ntvdm.exe
- %TEMP%\temp.html
- C:\Naughty America.exe
- %CommonProgramFiles%\System\VLC_Update.exe
- 'da####i-bohras.com':80
- http://da####i-bohras.com/index.php
- DNS ASK da####i-bohras.com