Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'My Directry8' = 'C:\recycler\DnsSvc.exe'
- hidden files
- file extensions
- <SYSTEM32>\Usermf\userc\DnsSvc.exe
- <SYSTEM32>\cmd.exe /c ""<SYSTEM32>\Usermf\userc\s_wine_flu.bat" "
- <SYSTEM32>\wscript.exe "<SYSTEM32>\Usermf\userc\s_wine_flu.vbs"
- <SYSTEM32>\Usermf\userc\s_wine_flu.vbs
- %TEMP%\ms2857.tmp
- C:\RECYCLER\DnsSvc.exe
- <SYSTEM32>\Usermf\userc\s_wine_flu.bat
- <SYSTEM32>\Usermf\userc\WikiLeaks.doc
- <SYSTEM32>\Usermf\userc\DnsSvc.exe
- <SYSTEM32>\Usermf\userc\fire.bat
- 'tr##in.net':1700
- DNS ASK tr##in.net
- '<Private IP address>':1033
- ClassName: 'WordPadClass' WindowName: ''
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'EDIT' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''