Technical Information
- '%TEMP%\Server.exe'
- '%TEMP%\Server.exe' (downloaded from the Internet)
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.new
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.new
- %TEMP%\Server.exe
- from %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.new to %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
- from %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.new to %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
- 'ta#.#ghost.ru':80
- 'wp#d':80
- ta#.#ghost.ru/download/55987349/75df944712ccd39df9a65b2dbb79d32ba1f69b6d/Server.exe
- wp#d/wpad.dat
- DNS ASK ta#.#ghost.ru
- DNS ASK wp#d