Technical Information
- [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Owpxkxlh' = 'C:\Users\Public\Owpxkxlh.url'
- %WINDIR%\syswow64\colorcpl.exe
- C:\users\public\libraries\owpxkxlh.pif
- C:\users\public\owpxkxlh.url
- %ALLUSERSPROFILE%\remcos\logs.dat
- 'tr####etorn.ydns.eu':80
- 'to###do.ydns.eu':1972
- 'or###k.ydns.eu':1972
- http://tr####etorn.ydns.eu/x/yaztdtgfd/Owpxkxlhnei
- 'tr####etorn.ydns.eu':1972
- DNS ASK tr####etorn.ydns.eu
- DNS ASK to###do.ydns.eu
- DNS ASK or###k.ydns.eu
- DNS ASK we####inwell.online
- ClassName: '' WindowName: 'Color Management'
- '%WINDIR%\syswow64\colorcpl.exe' (with hidden window)
- '%WINDIR%\syswow64\colorcpl.exe'