Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WinWord' = '%APPDATA%\Windows\WinWord.exe'
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
- %APPDATA%\Windows\WinWord.exe
- %WINDIR%\1042983702\wscntfy
- from %WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe to %WINDIR%\1042983702\wscntfy
- 'ri####ot.host-ed.me':80
- http://ri#####t.host-ed.me:80/Bot/gate.php via ri####ot.host-ed.me
- DNS ASK ri####ot.host-ed.me
- ClassName: '#32770' WindowName: 'Windows Task Manager'
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe'