Technical Information
- [HKLM\software\Wow6432Node\microsoft\windows\CurrentVersion\Run] 'libshell' = '<Current directory>\libshell.exe'
- http://1.13.17.173:1234/a
- %TEMP%\e2eecore.2.7.2.dll
- '1.##.17.173':2020
- '1.##.17.173':1234
- http://1.##.#7.173:1234/a via 1.##.17.173
- '1.##.17.173':2020