Technical Information
- '%TEMP%\kilf1.exe'
- '%TEMP%\budha.exe'
- '%TEMP%\kilf1.exe' (downloaded from the Internet)
- '<SYSTEM32>\rundll32.exe' dfdts.dll,DfdGetDefaultPolicyAndSMART
- %TEMP%\kilf1.exe
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\Targ-rhc1405[1].dat
- %TEMP%\budha.exe
- 'ma####rixton.com':80
- ma####rixton.com/css/Targ-rhc1405.dat
- DNS ASK ma####rixton.com