Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'MicrosoftNAPC' = '<SYSTEM32>\traymgr.exe' (autorun entry: a value under the HKLM Run key starts the listed executable at each user logon)
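- <Drive name for removable media>:\auTORUN.inf (mixed case as reported; Windows file names are case-insensitive, so match this name without regard to case)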
- <Drive name for removable media>:\cold\hott\traymgr.exe
- <Drive name for removable media>:\cold\hott\Desktop.ini
- <SYSTEM32>\traymgr.exe
- <SYSTEM32>\traymgr.exe
- <Drive name for removable media>:\cold\hott\traymgr.exe
- <SYSTEM32>\traymgr.exe
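- 'up####.legion014.com':81 (the '#' characters appear to mask part of the host name in this report, so the full host name cannot be taken from this line; the parent domain legion014.com is the part shown in full)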
- DNS query: up####.legion014.com
- '<Private IP address>':1035
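- ClassName: 'SysListView32' WindowName: '' (standard list-view control class; the empty WindowName means no window title is specified)
- ClassName: 'RegEdit_RegEdit' WindowName: '' (main window class of the Windows Registry Editor)
- ClassName: '#32770' WindowName: '' (standard Windows dialog box class)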