Technical Information
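- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'RsTray' = '<SYSTEM32>\scvhost.exe' (machine-wide autorun entry; the file name 'scvhost.exe' differs from the legitimate 'svchost.exe' by two transposed letters)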
- '%WINDIR%\extext476146t.exe'
- '<SYSTEM32>\taskkill.exe' /im avp.exe /f (forcibly terminates avp.exe, a process name used by Kaspersky anti-virus products)
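- '<SYSTEM32>\taskhost.exe' <SYSTEM32> /e /p everyone:f (the arguments follow cacls syntax, as in the next entry; the executable name is given as reported)
- '<SYSTEM32>\cacls.exe' "%TEMP%\" /e /p everyone:f (edits the ACL of the %TEMP% directory to give the Everyone group full control)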
- '<SYSTEM32>\rundll32.exe' %WINDIR%\tete443869t.dll testall
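- '<SYSTEM32>\sc.exe' config ekrn start= disabled (sets the start type of the 'ekrn' service to disabled)
- '<SYSTEM32>\taskkill.exe' /im ekrn.exe /f
- '<SYSTEM32>\taskkill.exe' /im egui.exe /f (ekrn.exe and egui.exe are the service and user-interface processes of ESET security products)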
- %WINDIR%\extext476146t.exe
- <DRIVERS>\pcidump.sys
- %WINDIR%\tete443869t.dll
- <DRIVERS>\aec.SYS
- %WINDIR%\tete443869t.dll
- <DRIVERS>\aec.SYS
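- DNS ASK co###.4rw3.com
- DNS ASK cn#.#te3.com (the '#' characters appear to mask parts of the domain names in this report, so the strings are not complete indicators as written)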
- ClassName: '' WindowName: ''
- ClassName: 'This Is Game...' WindowName: ''