Technical Information
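- %APPDATA%\microsoft\windows\start menu\programs\startup\app.ico.lnk (a shortcut in the per-user Startup folder; items in this folder are launched at every logon of that user)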
- 'ch####p.dyndns.org':80
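- 'so######update.mywire.org':1433 (TCP 1433 is the default Microsoft SQL Server port; outbound connections on it to an Internet host are unusual for a workstation)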
- http://ch####p.dyndns.org/
- 'so######update.mywire.org':1433
- DNS ASK ch####p.dyndns.org
- DNS ASK so######update.mywire.org
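- '%WINDIR%\syswow64\cmd.exe' /c wmic process where ExecutablePath='%HomeDrive%\\Users\\%username%\\AppData\\Roaming\\system32\\svchost.exe' Get ProcessID
- '%WINDIR%\syswow64\wbem\wmic.exe' process where ExecutablePath='C:\\Users\\user\\AppData\\Roaming\\system32\\svchost.exe' Get ProcessID
  Note: the queried path is a folder named system32 under the user's AppData\Roaming, not %WINDIR%\System32 where the genuine svchost.exe resides. An svchost.exe running from a user profile is a useful detection signal.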
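- '%WINDIR%\syswow64\cmd.exe' /c wmic path win32_computersystemproduct get uuid /value
- '%WINDIR%\syswow64\wbem\wmic.exe' path win32_computersystemproduct get uuid /value
  Note: this query reads the machine's hardware UUID, a value that can serve as a unique host identifier.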
- '%WINDIR%\syswow64\cmd.exe' /c wmic /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct get displayname
- '%WINDIR%\syswow64\wbem\wmic.exe' /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct get displayname
  Note: this query lists the display names of the antivirus products registered with Windows Security Center.