Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '%APPDATA%\WindowsApplication1\WindowsApplication1\1.0.0.0\winapp.exe' = 'True'
- '' (downloaded from the Internet)
- %APPDATA%\WindowsApplication1\WindowsApplication1\1.0.0.0\winapp.exe
- 'ww###.#ippyshare.com':80
- 'wp#d':80
- http://ww###.#ippyshare.com/d/omSuBfnF/38076/Server.exe
- http://11#.#11.111.1/wpad.dat via wp#d
- DNS ASK ww###.#ippyshare.com
- DNS ASK wp#d
- '%APPDATA%\WindowsApplication1\WindowsApplication1\1.0.0.0\winapp.exe'