Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '18.exe' = '%APPDATA%windows\18.exe'
- <Current directory>:{49007200-7900-6700-6300-610058005500}
- <Current directory>:{47003600-6500-4D00-5900-610045007500}
- %ALLUSERSPROFILE%\Application Data\Isolated Storage\{47003600-6500-4D00-5900-610045007500}
- %APPDATA%windows\18.exe
- %APPDATA%\23EF5514-3059-436F-A4A7-4CEFAAB20EB1\run.dat
- 'localhost':1036
- 'localhost':9033
- 'pa###bin.com':443
- DNS ASK pa###bin.com
- ClassName: '' WindowName: ''
- ClassName: 'IEFrame' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- '%ProgramFiles%\Internet Explorer\IEXPLORE.EXE' -nohome