Technical Information
- <SYSTEM32>\svchost.exe
- %WINDIR%\explorer.exe
- %WINDIR%\syswow64\calc.exe
- 'zw#.##100.online':80
- http://8.###.124.68/index.php/inface/Heart/getConfigDyn?m_###############################################
- DNS ASK zw#.##100.online
- '<SYSTEM32>\svchost.exe' -k LocalServiceNetwork -p
- '%WINDIR%\syswow64\calc.exe'
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\FirewallControlPanel.dll,ShowNotificationDialog /configure /ETOnly 0 /OnProfiles 6 /OtherAllowed 0 /OtherBlocked 0 /OtherEdgeAllowed 0 /NewBlocked 4 "%WINDIR%\syswow64\calc.exe"