Technical Information
- [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'PingPot' = '%ProgramFiles%\MSXML 3.99\UzprosGaiep.exe'
- C:\users\public\documents\worng.txt
- %ProgramFiles%\msxml 3.99\uzprosgaiep.exe
- %APPDATA%\5996c9b.bat
- '10#.#0.220.34':3123
- 'ho##.hfs666.top':10086
- 'ho##.hfs666.top':10086
- DNS ASK ho##.hfs666.top
- ClassName: 'CTXOPConntion_Class' WindowName: ''
- '%WINDIR%\syswow64\cmd.exe' /c %APPDATA%\5996C9B.bat' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c %APPDATA%\5996C9B.bat
- '%WINDIR%\syswow64\tasklist.exe'
- '%WINDIR%\syswow64\find.exe' /i "<File name>.exe"