Technical Information
- %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\upnp device host\upnphost\udhisapi.dll
- '<SYSTEM32>\taskkill.exe' /f /im explorer.exe
- %WINDIR%\explorer.exe
- %TEMP%\821d.tmp\hdsentinel.bat
- <Current directory>\xiaoba.mp3
- from <Current directory>\xiaoba.mp3 to <Current directory>\xiaoba.xiaoba
- from <Full path to file> to <PATH_SAMPLE>.xiaoba
- DNS ASK go##le.cn
- 'ff#2::c':1900
- '23#.#55.255.250':1900
- ClassName: '' WindowName: ''
- ClassName: '\MSITPro::EventQueue' WindowName: ''
- ClassName: 'Type32_Main_Window' WindowName: ''
- ClassName: 'WMPlayerApp' WindowName: ''
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\821D.tmp\HDSentinel.bat" "<Full path to file>""' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\821D.tmp\HDSentinel.bat" "<Full path to file>""
- '%ProgramFiles(x86)%\windows media player\wmplayer.exe' /Play -Embedding
- '<SYSTEM32>\ping.exe' -a www.go##le.cn
- '<SYSTEM32>\rundll32.exe' DwmApi #105