Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'xwp' = '<Full path to virus>'
- %TEMP%\xxxwrp010yyzz\.last_update
- %TEMP%\xxx1.tmp
- 'up####newfile.com':80
- 'w2.####adnewfile.com':80
- up####newfile.com/pp/cfg
- w2.####adnewfile.com/pbin/bin.zip
- DNS ASK up####newfile.com
- DNS ASK w2.####adnewfile.com
- '<Private IP address>':1035
- ClassName: 'Indicator' WindowName: ''