Technical Information
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\] 'Windows Service' = '%WINDIR%\winsvc.exe'
- %WINDIR%\winsvc.exe
- 'ic###azip.com':80
- 'ip##pi.com':80
- 'tw##t.net':80
- http://ic###azip.com/
- http://ip##pi.com/json/176.100.243.133?fi########
- http://tw##t.net/preload.php
- http://tw##t.net/pl.exe
- DNS ASK ic###azip.com
- DNS ASK ip##pi.com
- DNS ASK tw##t.net
- ClassName: '2dgd828d8g8fg8g8g' WindowName: ''
- '%WINDIR%\winsvc.exe'