Technical Information
- System Restore (SR)
- '%TEMP%\JBDopNaMPK.exe'
- '<SYSTEM32>\reg.exe' add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore" /v "DisableSR" /t REG_DWORD /d "1" /f
- %TEMP%\JBDopNaMPK.exe
- 'ap#.##pmania.com':80
- '<Private IP address>':80
- 'wp#d':80
- ap#.##pmania.com/
- <Private IP address>/
- wp#d/wpad.dat
- DNS ASK ap#.##pmania.com
- DNS ASK wp#d