Technical Information
- %WINDIR%\syswow64\tstheme.exe
- %WINDIR%\syswow64\wpdshextautopla.dll
- %WINDIR%\syswow64\logagen.dll
- %WINDIR%\syswow64\wsmprovhos.dll
- %WINDIR%\syswow64\winrshos.dll
- %WINDIR%\syswow64\upnpcon.dll
- %WINDIR%\syswow64\tsthem.dll
- http://el##.top:8860/down/sjh17up.txt via el##.top
- http://xz.###ti.top:801/kwbx.exe via xz.##tti.top
- DNS ASK el##.top
- DNS ASK xz.##tti.top
- '%WINDIR%\syswow64\wpdshextautoplay.exe'
- '%WINDIR%\syswow64\logagent.exe'
- '%WINDIR%\syswow64\wsmprovhost.exe'
- '%WINDIR%\syswow64\winrshost.exe'
- '%WINDIR%\syswow64\upnpcont.exe'
- '%WINDIR%\syswow64\tstheme.exe'
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\FirewallControlPanel.dll,ShowNotificationDialog /configure /ETOnly 0 /OnProfiles 6 /OtherAllowed 0 /OtherBlocked 0 /OtherEdgeAllowed 0 /NewBlocked 4 "%WINDIR%\syswow64\wpdshextautopl...
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\FirewallControlPanel.dll,ShowNotificationDialog /configure /ETOnly 0 /OnProfiles 6 /OtherAllowed 0 /OtherBlocked 0 /OtherEdgeAllowed 0 /NewBlocked 4 "%WINDIR%\syswow64\logagent.exe"