Technical Information
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\svchost.exe
- %ALLUSERSPROFILE%\Application Data\fWyfnSWdrs\cfgi
- %ALLUSERSPROFILE%\Application Data\fWyfnSWdrs\cfg
- 'we##z.pw':80
- '18#.#44.29.36':5450
- http://we##z.pw/cfg.txt
- DNS ASK we##z.pw
- '<SYSTEM32>\svchost.exe'
- '<SYSTEM32>\svchost.exe' -c "%ALLUSERSPROFILE%\Application Data\fWyfnSWdrs\cfgi"