Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'CE86F94D' = '%APPDATA%\CE86F94D\bin.exe'
- <SYSTEM32>\taskhost.exe
- iexplore.exe
- firefox.exe process, nss3.dll module
- iexplore.exe process, wininet.dll module
- %APPDATA%\ce86f94d\bin.exe
- 're####aoneveter.cc':80
- 'di####ijkpop.com':80
- 'di####ijkpop.net':80
- http://re####aoneveter.cc/vet7sdfh678sdjjs7er0k/
- http://di####ijkpop.com/vet7sdfh678sdjjs7er0k/
- http://di####ijkpop.net/vet7sdfh678sdjjs7er0k/
- DNS ASK re####aoneveter.cc
- DNS ASK di####ijkpop.com
- DNS ASK di####ijkpop.net
- '%WINDIR%\syswow64\winver.exe'