Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Install' = '%APPDATA%\Install.exe'
- '' (downloaded from the Internet)
- %APPDATA%\Install.exe
- 'da####lewisdc.com':80
- http://www.da####lewisdc.com/wp-admin/user/user/Install.exe via da####lewisdc.com
- DNS ASK www.da####lewisdc.com
- '%APPDATA%\Install.exe'