Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'dcsupdate.exe' = '<SYSTEM32>\dcsupdate.exe'
- <SYSTEM32>\dcsupdate.exe (downloaded from the Internet)
- <SYSTEM32>\dcsupdate.exe
- 'po##a.com':80
- po##a.com/dcsupdate.exe
- DNS ASK po##a.com
- ClassName: 'Indicator' WindowName: ''