Technical Information
- %WINDIR%\winhlp32.exe
- %TEMP%\dynwrapx.dll
- '15.##5.10.108':3000
- 'oc##.#tartssl.com':80
- http://oc##.#tartssl.com/sub/class2/code/ca/MEMwQTA%2FMD0wOzAJBgUrDgMCGgUABBQSOgrhRCSnWfKxoWTjWxhk8hga9AQU0E4PQJlsuEsZbzsouODjiAc0qrcCAhAV
- DNS ASK st####.rapidssl.com
- DNS ASK oc##.#tartssl.com
- ClassName: 'ConsoleWindowClass' WindowName: ''
- '%WINDIR%\syswow64\regsvr32.exe' /I /S "%TEMP%\dynwrapx.dll" (with hidden window)
- '%WINDIR%\syswow64\wscript.exe' //b //e:vbscript "<PATH_SAMPLE>.vbs"
- '%WINDIR%\syswow64\regsvr32.exe' /I /S "%TEMP%\dynwrapx.dll"
- '%WINDIR%\winhlp32.exe'