Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\Security] 'Start' = '00000002'
- '<SYSTEM32>\iexplore.exe' /service
- '<SYSTEM32>\cmd.exe' /c <Current directory>\$$a5562$$.bat
- <Current directory>\$$a5562$$.bat
- <SYSTEM32>\iexplore.exe
- 'wu###.gnway.net':2368
- DNS ASK wu###.gnway.net