Technical Information
- %WINDIR%\syswow64\cttune.exe
- 'zk.##168.live':80
- http://47.#6.180.2/index.php/inface/Heart/getConfigDyn?m_###############################################
- DNS ASK zk.##168.live
- '255.255.255.255':23779
- '255.255.255.255':23881
- '<SYSTEM32>\svchost.exe' -k LocalServiceNetwork -p
- '%WINDIR%\syswow64\cttune.exe'
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\FirewallControlPanel.dll,ShowNotificationDialog /configure /ETOnly 0 /OnProfiles 6 /OtherAllowed 0 /OtherBlocked 0 /OtherEdgeAllowed 0 /NewBlocked 4 "%WINDIR%\syswow64\cttune.exe"