Technical Information
- %WINDIR%\explorer.exe
- %WINDIR%\syswow64\autochk.exe
- 'de###ari.com':80
- 'mo######solutionsalpha.com':80
- 'we#####spasssite.com':80
- 'th#####ersion-blog.com':80
- DNS ASK de###ari.com
- DNS ASK mo######solutionsalpha.com
- DNS ASK we#####spasssite.com
- DNS ASK di####otato.party
- DNS ASK th#####ersion-blog.com
- '%WINDIR%\syswow64\svchost.exe'
- '%WINDIR%\syswow64\msdt.exe'
- '%WINDIR%\syswow64\cmd.exe' del "%WINDIR%\SysWow64\svchost.exe"