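Technical Information
The entries below are file paths, process names, DNS lookups and command lines; the sub-headings that say what each group of entries represents are missing from this listing.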
- %APPDATA%\microsoft\windows\start menu\programs\startup\logonui.lnk
- %WINDIR%\explorer.exe
- %WINDIR%\syswow64\wuapp.exe
- %WINDIR%\syswow64\svchost.exe
- %WINDIR%\syswow64\raserver.exe
- %WINDIR%\syswow64\rundll32.exe
- %WINDIR%\syswow64\netstat.exe
- %WINDIR%\syswow64\napstat.exe
- %WINDIR%\syswow64\chkdsk.exe
- %WINDIR%\syswow64\cmd.exe
- %WINDIR%\syswow64\msiexec.exe
- %WINDIR%\syswow64\systray.exe
- iexplore.exe
- firefox.exe
- C:\gwhbkjgfp\logonui\appxapplicabilityblob.scr
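- DNS query: ke##bin.com
- DNS query: jm##75.com
  (The ## in each name appears to mask part of the domain, so neither entry is a complete domain name.)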
- '%WINDIR%\syswow64\wuapp.exe'
- '%WINDIR%\syswow64\cmd.exe' del "<Full path to file>"
- '%WINDIR%\syswow64\svchost.exe'
- '%WINDIR%\syswow64\raserver.exe'
- '%WINDIR%\syswow64\rundll32.exe'
- '%WINDIR%\syswow64\netstat.exe'
- '%WINDIR%\syswow64\napstat.exe'
- '%WINDIR%\syswow64\chkdsk.exe'
- '%WINDIR%\syswow64\cmd.exe'
- '%WINDIR%\syswow64\msiexec.exe'
- '%WINDIR%\syswow64\systray.exe'