Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\santa.bat
- '%WINDIR%\syswow64\net.exe' stop wscsvc
- %TEMP%\nsrcc44.tmp
- %TEMP%\nshcc55.tmp\dlru.exe
- %WINDIR%\syswow64\msinet.ocx
- %WINDIR%\syswow64\dlru.txt
- %APPDATA%\microsoft\windows\start menu\programs\startup\santa.bat
- %TEMP%\nshcc55.tmp\dlru.exe
- DNS ASK tr####arketing.com
- '%TEMP%\nshcc55.tmp\dlru.exe'
- '%WINDIR%\syswow64\net.exe' stop wscsvc (with hidden window)
- '%WINDIR%\syswow64\net1.exe' stop wscsvc