Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'SystemHost' = '"%TEMP%\QWE\svchost.exe"'
- %TEMP%\QWE\svchost.exe
- 'wp#d':80
- 'ip###ger.com':443
- 'zw#######tvgybhunji.zapto.org':35417
- http://11#.#11.111.1/wpad.dat via wp#d
- DNS ASK wp#d
- DNS ASK ip###ger.com
- DNS ASK zw#######tvgybhunji.zapto.org
- '%TEMP%\QWE\svchost.exe'