Technical Information
- '%TEMP%\sarver.exe' (downloaded from the Internet)
- '<SYSTEM32>\taskkill.exe' /F /IM Network Analyzer.exe
- '<SYSTEM32>\taskkill.exe' /F /IM MKN TaskExplorer.exe
- '<SYSTEM32>\taskkill.exe' /F /IM AntiLogger.exe
- '<SYSTEM32>\taskkill.exe' /F /IM NetworkMiner.exe
- '<SYSTEM32>\taskkill.exe' /F /IM TCPView.exe
- '<SYSTEM32>\taskkill.exe' /F /IM TCPEye.exe
- '<SYSTEM32>\taskkill.exe' /F /IM SpyTheSpy.exe
- '<SYSTEM32>\taskkill.exe' /F /IM ProcessHacker.exe
- '%TEMP%\sarver.exe'
- '<SYSTEM32>\taskkill.exe' /F /IM cports.exe
- '<SYSTEM32>\taskkill.exe' /F /IM apateDNS.exe
- '<SYSTEM32>\taskkill.exe' /F /IM procexp.exe
- %TEMP%\sarver.exe
- 'ww##.#ippyshare.com':80
- 'wp#d':80
- http://ww##.#ippyshare.com/d/wUzOUFDg/168484/Server.exe
- http://11#.#11.111.1/wpad.dat via wp#d
- DNS ASK ww##.#ippyshare.com
- DNS ASK wp#d
- ClassName: '' WindowName: ''