Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '1windy' = 'rundll32.exe "%APPDATA%\seven.jpg",_barth2'
- %APPDATA%\seven.jpg
- 'va####smilesis.com':80
- 'localhost':1037
- http://va####smilesis.com/wp-content/uploads/2012/02/augusts_rush03-300x240.jpg
- DNS ASK va####smilesis.com