Technical Information
- %HOMEPATH%\Start Menu\Programs\Startup\TM.lnk
- [<HKLM>\SYSTEM\ControlSet001\Services\Trojan] 'Start' = '00000002'
- <SYSTEM32>\Virus.exe
- C:\wybho.exe
- C:\dk8888.exe
- <SYSTEM32>\regsvr32.exe /s "<SYSTEM32>\Thunder.dll"
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\regsvr32.exe /s "<SYSTEM32>\wybho.dll"
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\wybho.dll
- <SYSTEM32>\Thunder.dll
- %PROGRAM_FILES%\Internet Explorer\wybho.exe
- C:\dk8888.exe
- C:\wybho.exe
- <SYSTEM32>\Virus.exe
- C:\dk8888.exe
- 'da####ell.2288.org':8888
- DNS ASK da####ell.2288.org