Technical Information
- '<SYSTEM32>\extrac32.exe' helff.hp_
- '<SYSTEM32>\rundll32.exe' helf.hpl,YDCFOMQICNKAUXS
- %TEMP%\borw4.doc
- %TEMP%\helf.hp_
- %APPDATA%\microsoft\templates\helf.hpl
- %TEMP%\borw4 (2).doc
- %TEMP%\borw4 (2).doc
- from %TEMP%\helf.hp_ to %APPDATA%\microsoft\templates\helff.hp_
- from %TEMP%\borw4.doc to %TEMP%\~wrl0001.tmp
- %TEMP%\borw4.doc
- 'ap#.#pify.org':80
- 'oc###tehou.ru':80
- 'lu###tsawfu.ru':80
- http://ap#.#pify.org/
- DNS ASK ap#.#pify.org
- DNS ASK na###eelr.com
- DNS ASK oc###tehou.ru
- DNS ASK lu###tsawfu.ru
- '<SYSTEM32>\extrac32.exe' helff.hp_ (with hidden window)
- '<SYSTEM32>\rundll32.exe' helf.hpl,YDCFOMQICNKAUXS (with hidden window)