Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '516C4E05' = '%APPDATA%\516C4E05\bin.exe'
- <SYSTEM32>\taskhost.exe
- iexplore.exe
- iexplore.exe process, wininet.dll module
- firefox.exe process, nss3.dll module
- %APPDATA%\516c4e05\bin.exe
- 'sp##nes.pw':80
- http://sp##nes.pw/EiDQjNbWEQ/
- DNS ASK sp##nes.pw
- '%WINDIR%\syswow64\winver.exe'