Technical Information
- %WINDIR%\syswow64\svchost.exe
- <Current directory>\glayer.exe
- %WINDIR%\syswow64\xjxve32.dll
- %TEMP%\2938.bat
- %TEMP%\zcgjmp.dll
- %TEMP%\3157.bat
- <Current directory>\glayer.exe
- http://cc######eport.minibai.com/dllloadinglog.json
- DNS ASK cc######eport.minibai.com
- DNS ASK ap#.#xdb123.com
- ClassName: 'Progman' WindowName: 'Program Manager'
- '<Current directory>\glayer.exe'
- '<Current directory>\glayer.exe' (with hidden window)
- '%WINDIR%\syswow64\svchost.exe' -k NetTimeSvc (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\2938.bat" " (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\3157.bat" " (with hidden window)
- '%WINDIR%\syswow64\svchost.exe' -k NetTimeSvc
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\2938.bat" "
- '%WINDIR%\syswow64\ping.exe' 1.0.0.1 -n
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\3157.bat" "