Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\mag_myhyt.exe
- %APPDATA%\<File name>.exe
- 're#######da.gratisphphost.info':80
- 'fa###ook.com':80
- 'fa###ook.com':443
- 'microsoft.com':80
- http://re#######da.gratisphphost.info/insdb.php?ta##############################################################
- http://www.fa###ook.com/
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- 'fa###ook.com':443
- DNS ASK re#######da.gratisphphost.info
- DNS ASK fa###ook.com
- DNS ASK microsoft.com
- ClassName: 'MS_WINHELP' WindowName: ''
- '%APPDATA%\<File name>.exe'
- '%APPDATA%\<File name>.exe' ' (with hidden window)