Technical Information
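- %APPDATA%\microsoft\windows\start menu\programs\startup\app.ico.lnk (a shortcut in the current user's Startup folder; shortcuts in this folder are launched at each logon of that user)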
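- 'ch####p.dyndns.org':80
- 'ho##.#cloud.click':1433
  Note: '#' is not a valid host-name character and appears to mark masked characters, so the host names in this listing are partial and cannot be matched literally. Port 1433 is the default Microsoft SQL Server port; the listing does not show which protocol is actually used on it.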
- http://ch####p.dyndns.org/
- 'ho##.#cloud.click':1433
- DNS ASK ch####p.dyndns.org
- DNS ASK ho##.#cloud.click
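- '%WINDIR%\syswow64\cmd.exe' /c wmic process where ExecutablePath='%HomeDrive%\\Users\\%username%\\AppData\\Roaming\\system32\\svchost.exe' Get ProcessID
- '%WINDIR%\syswow64\wbem\wmic.exe' process where ExecutablePath='C:\\Users\\user\\AppData\\Roaming\\system32\\svchost.exe' Get ProcessID
  Note: both lines look up the process ID of an executable named svchost.exe under the user's AppData\Roaming\system32 directory; the second appears to be the same command with the paths expanded. The genuine Windows svchost.exe is located under %WINDIR% (System32 / SysWOW64), so a svchost.exe running from a user-profile path is worth alerting on.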
- '%WINDIR%\syswow64\cmd.exe' /c wmic path win32_computersystemproduct get uuid /value
- '%WINDIR%\syswow64\wbem\wmic.exe' path win32_computersystemproduct get uuid /value
  Note: this query returns the machine's hardware (SMBIOS) UUID, a value that identifies the host.
- '%WINDIR%\syswow64\cmd.exe' /c wmic /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct get displayname
- '%WINDIR%\syswow64\wbem\wmic.exe' /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct get displayname
  Note: this query lists the display names of the antivirus products registered with Windows Security Center.