Technical Information
- [<HKLM>\System\CurrentControlSet\Services\wow32] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\wow32] 'ImagePath' = '"%WINDIR%\SysWOW64\wow32\wow32.exe"'
- from <Full path to file> to %WINDIR%\syswow64\wow32\wow32.exe
- '18#.#67.16.242':80
- '15#.#70.108.99':443
- http://15#.##0.108.99:443/TroKgs1zDs2v47lBy4/1Vwtz81nvdj1caqnp/u3nLCvX/IwZKGmJN2H/7zX3JOUJcoddiQDoD30/ via 15#.#70.108.99