Technical Information
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'Update BitLocker Drive Encryption Service' = '%WINDIR%\SysWOW64\ntsvchost.exe'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%WINDIR%\SysWOW64\ntsvchost.exe" "Update BitLocker Drive Encryption Service" ENABLE
- %WINDIR%\syswow64\9125y5yta.dat
- %WINDIR%\syswow64\ntsvchost.exe
- 'tr###onell.com':80
- http://tr###onell.com/fa.php
- DNS ASK tr###onell.com
- '%WINDIR%\syswow64\ntsvchost.exe'
- '%WINDIR%\syswow64\ntsvchost.exe' ' (with hidden window)
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%WINDIR%\SysWOW64\ntsvchost.exe" "Update BitLocker Drive Encryption Service" ENABLE' (with hidden window)