Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'AutoStart' = '<Full path to virus>'
- [<HKLM>\SYSTEM\ControlSet001\Control\Print\Providers\aux_providor] 'Name' = '<SYSTEM32>\spool\PRTPROCS\W32X86\1.tmp'
- <SYSTEM32>\spoolsv.exe
- <SYSTEM32>\spool\prtprocs\w32x86\1.tmp
- %ALLUSERSPROFILE%\Application Data\common.data
- <SYSTEM32>\spool\prtprocs\w32x86\1.tmp
- '20#.#5.119.122':8080
- DNS ASK