Technical Information
- '%PROGRAM_FILES%\11.exe'
- '%PROGRAM_FILES%\11.exe' (downloaded from the Internet)
- %PROGRAM_FILES%\11.exe
- 'ar.##host.net':80
- 'wp#d':80
- ar.##host.net/download/54752646/620a484c4159ab93ae13ee5f86904248fc8d3028/Server.exe
- wp#d/wpad.dat
- DNS ASK ar.##host.net
- DNS ASK wp#d
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'