Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Systemdata' = '%APPDATA%\Systemdata\svchost.exe'
- %HOMEPATH%\Desktop\traderobot\icon.png
- %HOMEPATH%\Desktop\traderobot\icon128.png
- %HOMEPATH%\Desktop\traderobot\icon16.png
- %HOMEPATH%\Desktop\traderobot\icon48.png
- %HOMEPATH%\Desktop\traderobot\manifest.json
- %HOMEPATH%\Desktop\traderobot\ot.js
- %HOMEPATH%\Desktop\traderobot\popup.html
- %HOMEPATH%\Desktop\traderobot\popup.js
- %TEMP%\wfa.exe
- %APPDATA%\Systemdata\svchost.exe
- 'wp#d':80
- 'gf##fh.ru':8888
- http://11#.#11.111.1/wpad.dat via wp#d
- DNS ASK wp#d
- DNS ASK gf##fh.ru
- '%TEMP%\wfa.exe'