Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '' = '%TEMP%\ww9xo.exe'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows Resurections' = '%TEMP%\ww9xo.exe'
- %TEMP%\ww9xo.exe
- %TEMP%\rj9823jikefr83f.tmp
- %TEMP%\ww9xo.exe
- DNS ASK ge##ps.info
- DNS ASK up####sabout.com
- ClassName: 'c333l991' WindowName: 'bibmozg1'
- ClassName: 'cl333992' WindowName: 'bibmozg2'
- '%TEMP%\ww9xo.exe'
- '%TEMP%\ww9xo.exe' ' (with hidden window)