Technical Information
- '%WINDIR%\syswow64\net.exe' stop sharedaccess
- <Current directory>\t9.dll
- http://ds##.#tnts.com:8888/?op######################################################################################################################### via ds##.stnts.com
- DNS ASK ds##.stnts.com
- '%WINDIR%\syswow64\cmd.exe' /C start %WINDIR%\smss.exe Wndiariurk' (with hidden window)
- '%WINDIR%\syswow64\net.exe' stop sharedaccess' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\_uninsep.bat" "' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /C start %WINDIR%\smss.exe Wndiariurk
- '%WINDIR%\syswow64\net1.exe' stop sharedaccess
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\_uninsep.bat" "
- '%WINDIR%\syswow64\choice.exe' /T 2 /N /D y