Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'HndPrjProc' = '%APPDATA%\HndPrjProc.exe'
- %APPDATA%\HndPrjProc.exe
- %APPDATA%\Sheet12.pdf
- 'co####syns.c4.fr':80
- 'co####syns.usa.cc':80
- 'wp#d':80
- 'co###vsyns.tk':80
- http://11#.#11.111.1/wpad.dat via wp#d
- http://co####syns.usa.cc/j.php?39#####
- http://co####syns.c4.fr/j.php?79#####
- http://co###vsyns.tk/j.php?44#####
- DNS ASK co####syns.c4.fr
- DNS ASK co####syns.usa.cc
- DNS ASK wp#d
- DNS ASK co###vsyns.tk
- '%APPDATA%\HndPrjProc.exe'