Technical Information
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\WinUrl.url
- %ALLUSERSPROFILE%\Application Data\{3a1cf0c9-9162-0a89-9efd-3192321975ed}\hostdl.exe
- 'wp#d':80
- '5.###.231.110':80
- http://11#.#11.111.1/wpad.dat via wp#d
- http://5.###.231.110/supreme/files/toolset.txt
- DNS ASK wp#d
- '<SYSTEM32>\schtasks.exe' /create /tn WinUrl /tr %ALLUSERSPROFILE%\Application Data\{3a1cf0c9-9162-0a89-9efd-3192321975ed}\hostdl.exe /sc minute /F