Technical Information
- [<HKLM>\Software\Classes\exefile\shell\open\command] '' = '\RECYCLER\RP02\Nod32.Temp\run %1 %*'
- '%WINDIR%\syswow64\taskkill.exe' /IM msconfig.exe /F
- '%WINDIR%\syswow64\taskkill.exe' /IM sslmgr.exe /F
- 'pa###ools.com':80
- http://www.pa###ools.com/sendform/default.asp
- DNS ASK pa###ools.com
- ClassName: 'Shell_traywnd' WindowName: ''
- ClassName: '' WindowName: ''
- '%WINDIR%\syswow64\taskkill.exe' /IM msconfig.exe /F (with hidden window)
- '%WINDIR%\syswow64\regsvr32.exe' \RECYCLER\RP02\Nod32.Temp\mfncom.dll /s (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /IM sslmgr.exe /F (with hidden window)
- '%WINDIR%\syswow64\regsvr32.exe' \RECYCLER\RP02\Nod32.Temp\mfncom.dll /s