Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'downloader' = '"%TEMP%\downloader.exe"'
- '%TEMP%\Host System.exe' (downloaded from the Internet)
- '%TEMP%\downloader.exe'
- '%TEMP%\Host System.exe' -user secur8y@gmail.com -xmr 1
- %TEMP%\Qt5WebSockets.dll
- %TEMP%\Qt5Network.dll
- %TEMP%\ssleay32.dll
- %TEMP%\Host System.exe
- %TEMP%\vccorlib110.dll
- %TEMP%\Qt5Core.dll
- %TEMP%\cudart32_60.dll
- %TEMP%\downloader.exe
- %TEMP%\libeay32.dll
- %TEMP%\msvcr110.dll
- %TEMP%\msvcp110.dll
- 'www.go####wsnow.co.nf':80
- 'wp#d':80
- DNS ASK www.go####wsnow.co.nf
- DNS ASK wp#d