Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'C8AA5A82' = '%APPDATA%\C8AA5A82\bin.exe'
- <SYSTEM32>\taskhost.exe
- iexplore.exe
- firefox.exe process, nss3.dll module
- iexplore.exe process, wininet.dll module
- %APPDATA%\c8aa5a82\bin.exe
- '%WINDIR%\syswow64\winver.exe'