Technical Information
- %WINDIR%\syswow64\svchost.exe
- %WINDIR%\syswow64\gjmqtwz.dll
- %TEMP%\8391.bat
- %TEMP%\hknuxa.dll
- %TEMP%\vyfilpsv.dll
- %TEMP%\rcxccec.tmp
- <SYSTEM32>\pswcgjmp.dll
- from %TEMP%\rcxccec.tmp to %TEMP%\vyfilpsv.dll
- http://ao#.####batllesgrounds.com/terminal/start-up
- DNS ASK ao#.####batllesgrounds.com
- ClassName: 'sdfasdfasfasdf' WindowName: 'sdfasdfasfasdf'
- '%WINDIR%\syswow64\svchost.exe' -k NetTimeSvc (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\8391.bat" " (with hidden window)
- '<SYSTEM32>\regsvr32.exe' /s "<SYSTEM32>\pswcgjmp.dll" (with hidden window)
- '<SYSTEM32>\rundll32.exe' "<SYSTEM32>\pswcgjmp.dll",ENVStartup 0 (with hidden window)
- '%WINDIR%\syswow64\svchost.exe' -k NetTimeSvc
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\8391.bat" "
- '%WINDIR%\syswow64\ping.exe' 1.0.0.1 -n
- '<SYSTEM32>\regsvr32.exe' /s "<SYSTEM32>\pswcgjmp.dll"
- '<SYSTEM32>\rundll32.exe' "<SYSTEM32>\pswcgjmp.dll",ENVStartup 0