Technical Information
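- [<HKLM>\SYSTEM\ControlSet001\Services\FileDisk_Configuration] 'ImagePath' = '<SYSTEM32>\cmd.exe /c start <SYSTEM32>\mciwave.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\FileDisk_Configuration] 'Start' = '00000002'
  (Together these two values register a service named FileDisk_Configuration that starts automatically at boot ('Start' = 2 is the auto-start setting) and runs mciwave.exe through cmd.exe, which gives the sample persistence across reboots. A service whose ImagePath is a 'cmd.exe /c start ...' wrapper rather than a direct path to a service binary is worth flagging when reviewing service registrations.)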
- '<SYSTEM32>\mciwave.exe'
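- '<SYSTEM32>\cmd.exe' /c systeminfo >NUL & del /q "<Full path to file>" >> NUL
  (This runs systeminfo with its output discarded and then quietly deletes the file at the given path. The listing does not say which file that is; presumably it is the original sample removing itself after installation, with systeminfo serving as a delay.)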
- '<SYSTEM32>\systeminfo.exe'
- '<SYSTEM32>\cmd.exe' /c start <SYSTEM32>\mciwave.exe
- '<SYSTEM32>\charmap.exe' <SYSTEM32>\mciwave.exe
- <SYSTEM32>\charmap.exe
- <SYSTEM32>\cmd.exe
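- 'es####.freeoda.com':80
  (The '#' characters in the host names and URLs of this listing appear to be masking applied by the report's publisher, so these entries are partial patterns and cannot be used as exact-match indicators.)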
- 'www.tr###show.xyz':80
- 'li####e.thraucek.tk':80
- http://es####.freeoda.com/phpBB3/phpbb/php/config/
- http://www.tr###show.xyz/wp/wp-template/?lo###
- http://li####e.thraucek.tk/
- DNS ASK www.tr###show.xyz
- DNS ASK es####.freeoda.com
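- DNS ASK www.microsoft.com
  (www.microsoft.com is a legitimate domain and is not an indicator of compromise on its own; the lookup is probably a connectivity check, though the listing does not state its purpose.)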
- DNS ASK li####e.thraucek.tk