Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows Firewall' = '%HOMEPATH%\System.exe'
- %TEMP%\Screenshot00.jpeg
- %TEMP%\Screenshot000.jpeg
- %TEMP%\Screenshot0.jpeg
- %HOMEPATH%\System.exe
- %TEMP%\Screenshot.jpeg
- 'ka######rns.ka.funpic.de':21
- 'wp#d':80
- wp#d/wpad.dat
- DNS ASK ka######rns.ka.funpic.de
- DNS ASK wp#d
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'Indicator' WindowName: '(null)'