Technical Information
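- %APPDATA%\microsoft\windows\start menu\programs\startup\starting.vbe (per-user Startup folder: files placed here are launched at each logon of that user, so this path is a persistence point)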
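- %TEMP%\rarsfx0\run.vbs (RarSFX0 is the default temporary folder a WinRAR self-extracting archive unpacks into, which suggests the sample arrives as an SFX archive)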
- %TEMP%\rarsfx0\setup.exe
- %TEMP%\rarsfx0\starting.vbe
- 'pa###bin.com':443 (host name is partially masked with ### as published; port 443 is presumably HTTPS)
- 'microsoft.com':80
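- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt (download of a Microsoft root certificate; this looks like ordinary Windows certificate-chain retrieval rather than sample-specific traffic, so the microsoft.com entries are weak indicators on their own)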
- 'pa###bin.com':443
- DNS ASK pa###bin.com
- DNS ASK microsoft.com
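- ClassName: 'EDIT' WindowName: '' (this and the next entry are window class/title pairs; presumably windows the sample looks up, though the page does not label the list)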
- ClassName: '' WindowName: 'AcrobatTrayIcon'
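- '%WINDIR%\syswow64\wscript.exe' "%TEMP%\RarSFX0\run.vbs"
- '%WINDIR%\syswow64\wscript.exe' "%TEMP%\RarSFX0\Starting.vbe" (both are process command lines: the 32-bit Windows Script Host runs the scripts from %TEMP%\RarSFX0; wscript.exe started with a script path under %TEMP% is a practical process-creation detection point)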
- '%TEMP%\rarsfx0\setup.exe'