Technical Information
- [<HKLM>\System\CurrentControlSet\Services\Adaptive Port Bus Session TP Propagation] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Adaptive Port Bus Session TP Propagation] 'ImagePath' = 'C:\wfssldci\zvwzrzyp.exe'
- 'Adaptive Port Bus Session TP Propagation' C:\wfssldci\zvwzrzyp.exe
- %WINDIR%\wfssldci\wfv5a59lr
- C:\wfssldci\wfv5a59lr
- C:\wfssldci\uf4yqjc5qdbfssmk.exe
- C:\wfssldci\zvwzrzyp.exe
- C:\wfssldci\bvqnsqzskdg.exe
- C:\wfssldci\qosjadbo
- C:\wfssldci\zvwzrzyp.exe
- C:\wfssldci\bvqnsqzskdg.exe
- %WINDIR%\wfssldci\wfv5a59lr
- C:\wfssldci\uf4yqjc5qdbfssmk.exe
- %WINDIR%\wfssldci\wfv5a59lr
- '19#.#7.134.20':44965
- '20#.#7.225.58':33073
- '10#.#28.239.221':49777
- '41.##8.41.238':29356
- '74.#5.64.25':22739
- '62.##1.108.194':20068
- '10#.#4.136.243':42581
- 'C:\wfssldci\uf4yqjc5qdbfssmk.exe'
- 'C:\wfssldci\zvwzrzyp.exe'
- 'C:\wfssldci\bvqnsqzskdg.exe' "c:\wfssldci\zvwzrzyp.exe"