Technical Information
- %WINDIR%\tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job
- <SYSTEM32>\tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\] '1601' = '00000000'
- %ALLUSERSPROFILE%\microsoft\crypto\rsa\s-1-5-18\d42cc0c3858a58db2db37658219e6400_d4602615-9d50-4880-be41-678935e93eaa
- %WINDIR%\tlutia.exe
- %WINDIR%\tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job
- <SYSTEM32>\tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}
- 'ho###uyline.com':80
- 'pl##van.com':80
- http://ho###uyline.com/1wave.php
- http://pl##van.com/1wave.php
- DNS ASK yo##ube.com
- DNS ASK ba##u.com
- DNS ASK ho###uyline.com
- DNS ASK pl##van.com
- DNS ASK ne###ite.com
- '%WINDIR%\tlutia.exe'