Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
- C:\System\SystemExchange\SystemFiles\lsess.exe
- <SYSTEM32>\tskill.exe *Medical*
- <SYSTEM32>\tskill.exe *TaxRecord*
- <SYSTEM32>\tskill.exe *Birth*
- <SYSTEM32>\ping.exe 127.0.0.1 -n 3
- <SYSTEM32>\tskill.exe *0m3g4*
- <SYSTEM32>\tskill.exe *Angelina*
- <SYSTEM32>\tskill.exe lsess
- <SYSTEM32>\cmd.exe /c ""C:\System\SystemExchange\SystemTemp\Relocate.bat""
- <SYSTEM32>\netsh.exe firewall set opmode disable
- <SYSTEM32>\tskill.exe *Resume*
- <SYSTEM32>\tskill.exe UpdateAccess
- <SYSTEM32>\tskill.exe svchest
- <SYSTEM32>\svchest.exe
- C:\System\SystemExchange\SystemFiles\lsess.exe
- C:\System\SystemExchange\SystemTools\rar
- C:\System\SystemExchange\SystemTemp\Relocate.bat
- 'wp#d':80
- 'localhost':1036
- wp#d/wpad.dat
- DNS ASK wp#d
- DNS ASK www.google.com