Technical Information
- %WINDIR%\tesxnginx.sys
- %WINDIR%\syswow64\lr_tes.sys
- %WINDIR%\syswow64\calldll.dll
- %WINDIR%\syswow64\mian.dll
- %WINDIR%\syswow64\loader.dll
- http://www.xi###nhome.com/ds2ys15938.txt
- DNS ASK xi###nhome.com
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe %WINDIR%\tesxnginx.sys /e /t /p everyone:N (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe %WINDIR%\tesxnginx.sys /e /t /p everyone:N
- '%WINDIR%\syswow64\cacls.exe' %WINDIR%\tesxnginx.sys /e /t /p everyone:N