Technical Information
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'Load' = '%APPDATA%\FolderN\name.exe.lnk'
- %HOMEPATH%\AppData\Roaming\FolderN\name.exe.lnk
- C:\Documents
- %HOMEPATH%\AppData\Roaming\tmp.exe
- %TEMP%\svhost.exe
- %TEMP%\d8d9d50a-ee21-43e5-8fd5-fe3c7cd5ccab
- 'wp#d':80
- 'bo#.####ismyipaddress.com':80
- 'sm##.gmail.com':587
- http://11#.#11.111.1/wpad.dat via wp#d
- http://bo#.####ismyipaddress.com/
- DNS ASK wp#d
- DNS ASK bo#.####ismyipaddress.com
- DNS ASK sm##.gmail.com
- '%HOMEPATH%\AppData\Roaming\tmp.exe'
- '<Full path to file>'
- '<SYSTEM32>\cmd.exe'
- '<SYSTEM32>\reg.exe' add "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" /v Load /t REG_SZ /d "%APPDATA%\FolderN\name.exe.lnk" /f