Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'eem' = '"<SYSTEM32>\dhcp\eem.exe"'
- <SYSTEM32>\dhcp\eem.exe /i
- <SYSTEM32>\cmd.exe /c \tshow9529.bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\sc[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ld[1].php
- C:\tshow9529.bat
- <SYSTEM32>\dhcp\eem.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\ld[1].php
- 'pt#.###reativecp.com':80
- '20#.#6.232.182':80
- 'pd#.##ncommerce.com':80
- pt#.###reativecp.com/sc.php?cp#########
- pd#.##ncommerce.com/ld.php?of###################
- pd#.##ncommerce.com/bmoy.php
- pd#.##ncommerce.com/ld.php?of##########
- 20#.#6.232.182/
- pd#.##ncommerce.com/jmoy.php?np#######
- DNS ASK pt#.###reativecp.com
- DNS ASK www.microsoft.com
- DNS ASK pd#.##ncommerce.com
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''