Technical Information
- %WINDIR%\syswow64\runlegacycplelevated.exe
- '<SYSTEM32>\svchost.exe' -k LocalServiceNetwork -p
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\FirewallControlPanel.dll,ShowNotificationDialog /configure /ETOnly 0 /OnProfiles 6 /OtherAllowed 0 /OtherBlocked 0 /OtherEdgeAllowed 0 /NewBlocked 4 "%WINDIR%\syswow64\runlegacycplel...