Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Ieuu' = '"C:\PROGRA~2\COMMON~1\CURITY~1\cmd.exe" -vt rbnd'
- %CommonProgramFiles%\curity~1\cmd.exe
- %CommonProgramFiles%\curity~1\cmd.exe
- http://nf.###erinfo.com/notify.php?pi######################################################################
- http://cu.###erinfo.com/query.php
- DNS ASK nf.###erinfo.com
- DNS ASK cu.###erinfo.com
- '%CommonProgramFiles%\curity~1\cmd.exe' -vt rbnd