Technical Information
- %WINDIR%\syswow64\logagent.exe
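- %WINDIR%\syswow64\wsmprovhos.dll
- %WINDIR%\syswow64\winrshos.dll
- %WINDIR%\syswow64\tsthem.dll
- %WINDIR%\syswow64\upnpcon.dll
- %WINDIR%\syswow64\logagen.dll
  (Note: each of these five DLL base names equals the base name of one of the executables listed further down — wsmprovhost, winrshost, tstheme, upnpcont, logagent — with its final letter dropped. A .dll in this directory whose name is one character short of an executable's name is therefore a pattern worth checking for on a suspect host.)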
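- 'sd.#lkk.top':5188
- 'xz.###okoencg.top':1001
- http://xz.####koencg.top:1001/ipdduck.exe via xz.###okoencg.top
- DNS ASK sd.#lkk.top
- DNS ASK xz.###okoencg.top
  (Note: the host names appear to be partially masked with '#', which is not a valid host-name character, so they cannot be used verbatim as blocklist or log-search values. The URL and the host after "via" have the same length but show different mask widths, which suggests one host masked in two ways. The unmasked parts — the .top suffix, ports 5188 and 1001, and the file name ipdduck.exe — can still be matched in proxy and DNS logs.)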
- '255.255.255.255':9953
- '%WINDIR%\syswow64\wpdshextautoplay.exe'
- '%WINDIR%\syswow64\wsmprovhost.exe'
- '%WINDIR%\syswow64\winrshost.exe'
- '%WINDIR%\syswow64\tstheme.exe'
- '%WINDIR%\syswow64\upnpcont.exe'
- '%WINDIR%\syswow64\logagent.exe'
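- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\FirewallControlPanel.dll,ShowNotificationDialog /configure /ETOnly 0 /OnProfiles 6 /OtherAllowed 0 /OtherBlocked 0 /OtherEdgeAllowed 0 /NewBlocked 4 "%WINDIR%\syswow64\wsmprovhost.ex...
  (Note: the command line is truncated in the source. It appears to be the Windows Firewall notification dialog being raised for the quoted executable, which would be consistent with that process attempting network access that the firewall blocked; confirm against the host's firewall log.)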