Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\winlogin.exe
- %TEMP%\rstawx3zyr8i4.exe
- %TEMP%\kobaccrypter.exe
- %TEMP%\kobaccrypter.exe
- http://wh###smyip.com/automation/n09230945.asp
- DNS ASK wh###smyip.com
- DNS ASK Sm##.gmail.com
- '%TEMP%\rstawx3zyr8i4.exe'
- '%TEMP%\kobaccrypter.exe'