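Technical Information
The entries below list a registry autorun value, file paths, network endpoints and a window class/name pair. The headings that say what was done with each item (created, executed, deleted, connected to) are missing from this listing. The first entry is a value under the current user's Run key, which starts the named executable each time that user logs on.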
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'msdb203c5c7.exe' = '"%APPDATA%\Roaming\Microsoft\msdb203c5c7.exe"'
- <SYSTEM32>\Dwm.exe
- %APPDATA%\Roaming\Microsoft\msdb203c5c7.exe
- %TEMP%\9522115~.bat
- %TEMP%\22b7288~
- %TEMP%\22b7288~
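- Network endpoints, all on port 8080. The '#' characters appear to mask digits of each address, so these values cannot be matched exactly as written:
- '14#.#.18.239':8080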
- '19#.#5.182.110':8080
- '88.##8.192.116':8080
- '72.##.150.60':8080
- '94.##.192.208':8080
- '16#.#44.45.246':8080
- '16#.#44.35.78':8080
- '13#.#13.133.96':8080
- '20#.#50.6.60':8080
- '19#.#63.208.168':8080
- '16#.#44.77.164':8080
- '16#.#44.88.73':8080
- '10#.#87.103.213':8080
- '94.##.28.211':8080
- '88.##8.228.111':8080
- ClassName: 'Indicator' WindowName: ''