Technical Information
- <SYSTEM32>\tasks\èîîñãû³æ
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\0y9o17dr\175two[1].dll
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bm8skz0v\175two[1].bin
- 'us#.#sidj.xyz':80
- '12#.#9.200.175':8848
- http://us#.#sidj.xyz/dll/175two.dll
- http://us#.#sidj.xyz/175two.bin
- DNS ASK us#.#sidj.xyz
- ClassName: 'CTXOPConntion_Class' WindowName: ''
- '<Full path to file>' ' (with hidden window)
- '<SYSTEM32>\taskeng.exe' {112BD352-29A4-40D6-9939-F844E4A20CA6} S-1-5-21-1238866942-1249195528-555854008-1000:knjibc\user:Interactive:[1]