Technical Information
- %WINDIR%\syswow64\svchost.exe
- %APPDATA%\tuzi_skin_dt_2.ini
- %TEMP%\2836_tzauto.ini
- %TEMP%\cmd_dep.txt
- 'ht##i.com':80
- DNS ASK ht##i.com
- '%WINDIR%\syswow64\cmd.exe' /c wmic OS Get DataExecutionPrevention_SupportPolicy>"%TEMP%\cmd_dep.txt" (with hidden window)
- '%WINDIR%\syswow64\svchost.exe'
- '%WINDIR%\syswow64\cmd.exe' /c wmic OS Get DataExecutionPrevention_SupportPolicy>"%TEMP%\cmd_dep.txt"
- '%WINDIR%\syswow64\wbem\wmic.exe' OS Get DataExecutionPrevention_SupportPolicy