Technical Information
- '%TEMP%\conwurm.exe'
- '<SYSTEM32>\taskhost.exe'
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YF7T7AK2\1405UKmw[1].enc
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\BOWDBRP7\1405UKmw[1].enc
- %TEMP%\conwurm.exe
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\1405UKmw[1].enc
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\BOWDBRP7\1405UKmw[1].enc
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YF7T7AK2\1405UKmw[1].enc
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\1405UKmw[1].enc
- 'pi#####llytrust.co.uk':80
- 'up###ift.net':80
- pi#####llytrust.co.uk/scripts/1405UKmw.enc
- up###ift.net/Backup/test/1405UKmw.enc
- DNS ASK pi#####llytrust.co.uk
- DNS ASK up###ift.net