Technical Information
- '%HOMEPATH%\b45S58yO.exe'
- '%HOMEPATH%\b45S58yO.exe' (downloaded from the Internet)
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe'
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\powershell[1].exe
- %HOMEPATH%\b45S58yO.exe
- %TEMP%\aut1.tmp
- %HOMEPATH%\b72J84dJ.AR9
- %HOMEPATH%\b45S58yO.exe
- %HOMEPATH%\b72J84dJ.AR9
- %HOMEPATH%\b72J84dJ.AR9
- %TEMP%\aut1.tmp
- 'pr###.#havetohave.net':80
- pr###.#havetohave.net/1/powershell.exe
- DNS ASK pr###.#havetohave.net