Technical Information
- %PROGRAMDATA%\28205\tlworker.exe
- http://se####level.site/pppp/index.php
- DNS ASK se####level.site
- '%WINDIR%\syswow64\reg.exe' ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /f /v Startup /t REG_SZ /d %PROGRAMDATA%\28205