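Technical Information
The entries below are file-system paths, network endpoints and a command line. The labels that separated the lists are not present on this page, so the reason some %TEMP% paths appear twice is not stated. The host name is partially masked (`####`) as published and cannot be matched verbatim. The first entry is a shortcut in the per-user Startup folder, a location whose contents Windows runs at logon.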
- %APPDATA%\microsoft\windows\start menu\programs\startup\secprocessingwindowssystem.lnk
- %TEMP%\serati al thatia.docx
- %PROGRAMDATA%\guid.bin
- %TEMP%\nzfd5yu7i5
- %PROGRAMDATA%\secprocessingwindowssystem.exe
- %TEMP%\ksh8usgqti
- %TEMP%\nzfd5yu7i5
- %TEMP%\ksh8usgqti
- 'ju####evenson.info':80
- http://ju####evenson.info/vcapicv/vchivmqecv/vbqsrot
- http://ju####evenson.info/vcapicv/vchivmqecv/ziozaz
- http://ju####evenson.info/vcapicv/vchivmqecv/tfjtreg
- http://ju####evenson.info/vcapicv/vchivmqecv/pcyjwn
- DNS query (ASK): ju####evenson.info
- '%ProgramFiles%\microsoft office\office14\winword.exe' /n "%TEMP%\serati al thatia.docx"