Technical Information
- '%TEMP%\conwurm.exe'
- '<SYSTEM32>\taskhost.exe'
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\BOWDBRP7\1405UKmp[1].enc
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\SOXZEUJX\1405UKmp[1].enc
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YF7T7AK2\1405UKmp[1].enc
- %TEMP%\conwurm.exe
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\1405UKmp[1].enc
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\BOWDBRP7\1405UKmp[1].enc
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\SOXZEUJX\1405UKmp[1].enc
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\1405UKmp[1].enc
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YF7T7AK2\1405UKmp[1].enc
- 'je####ahann.co.uk':80
- 'mo####gebidders.ca':80
- je####ahann.co.uk/wp-content/uploads/2013/13/1405UKmp.enc
- mo####gebidders.ca/fonts/1405UKmp.enc
- DNS ASK je####ahann.co.uk
- DNS ASK mo####gebidders.ca