Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\] 'Client Server Runtime Subsystem' = '"%ALLUSERSPROFILE%\Application Data\Windows\csrss.exe"'
- '%TEMP%\radce248.tmp'
- %HOMEPATH%\local settings\<INETFILES>\content.ie5\z9pmdpek\1c[1].jpg
- %TEMP%\radce248.tmp
- %ALLUSERSPROFILE%\application data\windows\csrss.exe
- %TEMP%\6893a5~1\state.tmp
- from %TEMP%\6893a5~1\state.tmp to %TEMP%\6893a5~1\state
- 'localhost':1039
- '15#.35.32.5':443
- '76.##.17.194':9090
- http://www.th###falz.de/wp-content/themes/suits/inc/1c.jpg
- DNS ASK th###falz.de
- '<SYSTEM32>\cmd.exe' /c %TEMP%\radCE248.tmp' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c %TEMP%\radCE248.tmp