Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows2' = '%APPDATA%\System.exe'
- %APPDATA%\microsoft\windows\start menu\programs\startup\windows.lnk
- %TEMP%\sss.exe
- %TEMP%\betternetforwindows.exe
- %TEMP%\nsh94e0.tmp\system.dll
- %TEMP%\nsh94e0.tmp\betternetforwindows.msi
- %APPDATA%\microsoft\windows\templates\windows.lnk
- %APPDATA%\system.exe
- %APPDATA%\system.exe
- 'aq#.#inkpc.net':5552
- 'microsoft.com':80
- 'oc##.thawte.com':80
- DNS ASK aq#.#inkpc.net
- DNS ASK microsoft.com
- DNS ASK st####.rapidssl.com
- DNS ASK oc##.thawte.com
- '%TEMP%\sss.exe'
- '%TEMP%\betternetforwindows.exe'
- '%APPDATA%\system.exe'
- '%WINDIR%\syswow64\attrib.exe' +h +r +s "%APPDATA%\System.exe" (with hidden window)
- '%WINDIR%\syswow64\msiexec.exe' /I "%TEMP%\nsh94E0.tmp\BetternetForWindows.msi"
- '%WINDIR%\syswow64\attrib.exe' +h +r +s "%APPDATA%\System.exe"