Technical Information
- '%TEMP%\Server.exe'
- '%TEMP%\Server.exe' (downloaded from the Internet)
- %TEMP%\Server.exe
- 'hi###.rghost.ru':80
- 'wp#d':80
- hi###.rghost.ru/download/55855805/374ae46c9fbe7b4f17d8f234857f3f7db3503348/NJServer.exe
- wp#d/wpad.dat
- DNS ASK hi###.rghost.ru
- DNS ASK wp#d