Technical Information
- <SYSTEM32>\tasklist.exe
- <SYSTEM32>\findstr.exe /i "ftp.exe"
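- <SYSTEM32>\net.exe stop sharedaccess
- <SYSTEM32>\net1.exe stop sharedaccess
  (Both commands stop the SharedAccess service, i.e. Internet Connection Sharing; on Windows XP this service also hosts the Windows Firewall, so stopping it turns off the host firewall.)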
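- %TEMP%\~1.bat
- %TEMP%\~1.bat
  (The same path is listed twice; the section labels that would distinguish the two entries are not present on this page.)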
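- 'sh##ten.ws':80
  (The '##' in the host name appears to be masking applied by the publisher rather than part of the real domain, so this and the entries below are partial indicators only.)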
- 'localhost':1036
- sh##ten.ws/5bea7e
- DNS ASK sh##ten.ws
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'IEFrame' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''