Technical Information
Autorun entries (registry Run key and Startup folder):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'DismSvc' = '%TEMP%\Dism.exe'
- %HOMEPATH%\Start Menu\Programs\Startup\WindowUpdate.URL
- %HOMEPATH%\Start Menu\Programs\Startup\Firefox.lnk
- %TEMP%\nsx3.tmp
- %TEMP%\rpc420_setup.exe
- %TEMP%\Dism.exe
- %TEMP%\Dism.exe
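Network activity (host:port endpoints and a DNS lookup; part of the hostname is masked with '#' in this report):
- '<LOCALNET>.93.1':6852
- 'c9########ewubz9rbsg.loseyourip.com':6852
- DNS ASK C9########Ewubz9Rbsg.loseyourip.com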
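Process command lines (the schtasks call creates a scheduled task, "DismSvc23", that runs %TEMP%\Dism.exe every 2 minutes):
- '%TEMP%\rpc420_setup.exe'
- '%TEMP%\Dism.exe'
- '<SYSTEM32>\schtasks.exe' /create /sc minute /mo 2 /tn "DismSvc23" /tr "%TEMP%\Dism.exe"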