Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 'AppInit_DLLs' = '0'
- <SYSTEM32>\ddraw.dll with <SYSTEM32>\ddraw.dll
- <SYSTEM32>\ddraw.dll.new
- <SYSTEM32>\dllcache\ddraw.dll.new
- <SYSTEM32>\ddraw.dll
- <SYSTEM32>\dllcache\ddraw.dll.new
- 'localhost':1037
- 'gu##oxyz.tk':80
- http://gu##oxyz.tk/WbZjSFvesc/ddraw32b.dll
- http://gu##oxyz.tk/WbZjSFvesc/ddraw64b.dll
- DNS ASK gu##oxyz.tk
- '<SYSTEM32>\cmd.exe' /C takeown /f <SYSTEM32>\ddraw.dll
- '<SYSTEM32>\cmd.exe' /C icacls <SYSTEM32>\ddraw.dll /grant Administrators:F /T
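The listing above describes a classic system-DLL replacement: the sample stages `ddraw.dll.new` (also under `dllcache`, which would otherwise restore the original), takes ownership of the real `ddraw.dll` with `takeown`, grants Administrators full control with `icacls`, swaps the file, touches `AppInit_DLLs`, and fetches 32/64-bit payloads from the masked domain. The script below is an added host triage example written for this page; it is not code from the original analysis or from the vendor that published it. Function names, the `$Indicators` table and the wildcard used for the masked domain (`gu*oxyz.tk`) are this example's own assumptions, and the Security-log check only works where process-creation auditing with command-line logging is enabled.

```powershell
# Added triage script for the ddraw.dll indicators on this page (example code,
# not the page's own). Run from an elevated PowerShell: reading the ACL of a
# system DLL and the Security log requires administrator rights.

$sys32 = Join-Path $env:SystemRoot 'System32'
$Indicators = @{
    AppInitKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
    StagedFiles = @(
        (Join-Path $sys32 'ddraw.dll.new'),
        (Join-Path $sys32 'dllcache\ddraw.dll.new')
    )
    TargetDll   = Join-Path $sys32 'ddraw.dll'
    # The page masks two characters of the domain, so it is matched as a glob (assumption).
    DomainGlob  = 'gu*oxyz.tk'
}

function New-Finding([string]$Check, $Value, [bool]$Suspicious) {
    [pscustomobject]@{ Check = $Check; Value = $Value; Suspicious = $Suspicious }
}

function Test-AppInitDlls {
    # AppInit_DLLs is empty on a clean host. The sample writes '0' to it, so any
    # non-empty value is reported, not only values that look like DLL paths.
    $v = (Get-ItemProperty -Path $Indicators.AppInitKey -ErrorAction SilentlyContinue).AppInit_DLLs
    New-Finding 'AppInit_DLLs' $v (-not [string]::IsNullOrEmpty($v))
}

function Test-StagedFiles {
    # Leftover .new copies in System32 and dllcache are the staging artifacts listed above.
    foreach ($f in $Indicators.StagedFiles) {
        New-Finding 'StagedFile' $f (Test-Path -LiteralPath $f)
    }
}

function Test-DdrawOwnership {
    # 'takeown /f' replaces the TrustedInstaller owner with the caller, and
    # 'icacls ... /grant Administrators:F' adds a FullControl ACE for BUILTIN\Administrators.
    # Either change on a stock system DLL is abnormal.
    $p = $Indicators.TargetDll
    if (-not (Test-Path -LiteralPath $p)) { return New-Finding 'ddraw.dll present' $p $true }
    $acl = Get-Acl -LiteralPath $p
    $adminFull = @($acl.Access | Where-Object {
        $_.IdentityReference.Value -eq 'BUILTIN\Administrators' -and
        $_.FileSystemRights.ToString() -match 'FullControl'
    })
    New-Finding 'ddraw.dll owner' $acl.Owner ($acl.Owner -notlike '*TrustedInstaller*')
    New-Finding 'ddraw.dll Administrators:F ACE' ($adminFull.Count -gt 0) ($adminFull.Count -gt 0)
    # Stock ddraw.dll is catalog-signed by Microsoft. Catalog lookup needs PowerShell 5.1 /
    # Windows 8.1 or later; on older hosts NotSigned is inconclusive and sfc should decide.
    $sig = Get-AuthenticodeSignature -FilePath $p
    New-Finding 'ddraw.dll signature' $sig.Status ($sig.Status -ne 'Valid')
}

function Test-DnsCache {
    # Get-DnsClientCache exists on Windows 8 / Server 2012 and later; older hosts yield nothing.
    $hits = @(Get-DnsClientCache -ErrorAction SilentlyContinue |
        Where-Object { $_.Entry -like $Indicators.DomainGlob })
    New-Finding 'DNS cache' ($hits.Entry -join ',') ($hits.Count -gt 0)
}

function Test-ProcessCreationLog {
    # Requires "Audit Process Creation" plus "Include command line in process creation
    # events"; without both, event 4688 carries no command line and this finds nothing.
    $events = @(Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688 } `
        -MaxEvents 5000 -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'takeown\s+/f\s+.*ddraw\.dll|icacls\s+.*ddraw\.dll' })
    New-Finding 'takeown/icacls on ddraw.dll (4688)' $events.Count ($events.Count -gt 0)
}

function Invoke-DdrawTriage {
    $findings = @(Test-AppInitDlls) + @(Test-StagedFiles) + @(Test-DdrawOwnership) +
                @(Test-DnsCache) + @(Test-ProcessCreationLog)
    $findings | Format-Table -AutoSize
    if ($findings | Where-Object Suspicious) {
        Write-Warning 'Indicators present: verify ddraw.dll with sfc before trusting this host.'
    }
}

Invoke-DdrawTriage
```

The checks only report; they do not restore anything. If the ownership, ACL or signature check fires, confirm the file with `sfc /verifyfile=C:\Windows\System32\ddraw.dll` (or `sfc /scannow`) rather than comparing hashes by hand, and treat the host as compromised until the downloaded `ddraw32b.dll`/`ddraw64b.dll` payloads have been located and removed, since a clean `ddraw.dll` alone does not undo what the loaded payload already did.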