Technical Information
- %HOMEPATH%\Start Menu\Programs\Startup\KLMN02efb793b6a7b536380335b3a3f563f5.exe
- %WINDIR%\server.exe
- 'kz.##ateam.com':8081
- 'ip.##totoo.com':923
- DNS ASK kz.##ateam.com
- DNS ASK ip.##totoo.com
- '%WINDIR%\server.exe'
- '<SYSTEM32>\cmd.exe' /c sc config "UxSms" start= demand
- '<SYSTEM32>\sc.exe' config "UxSms" start= demand