Technical Information
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run] 'winhlp32.exe' = '%APPDATA%\OWZCEN323F\\winhlp32.exe'
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run] 'winhlp32.exe' = '%APPDATA%\OWZCEN323F\winhlp32.exe'
- %APPDATA%\owzcen323f\winhlp32.exe
- http://www.h1#####.s24.test-hf.su/blog/tasks.php
- DNS ASK h1#####.s24.test-hf.su
- '%APPDATA%\owzcen323f\winhlp32.exe' <Full path to file>