Technical Information
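- Autorun registry value (the per-user Run key starts the listed program at each logon of that user): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ag_4_1_J_p_P_' = '%TEMP%\aQ_7_P_c_.exe'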
- Windows Firewall authorized-application entry in the registry (StandardProfile allow-list): [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\1111.exe' = '%TEMP%\1111.exe:*:Enabled:1111.exe'
- '%TEMP%\DUCSetup_v4_1_1.exe'
- '%TEMP%\1111.exe'
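- Command line that adds a Windows Firewall allowed-program rule for the same '%TEMP%\1111.exe' named in the registry entry above: '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\1111.exe" "1111.exe" ENABLE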
- 1111.exe
- %TEMP%\aQ_7_P_c_.exe
- %TEMP%\DUCSetup_v4_1_1.exe
- %TEMP%\1111.exe
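- Network endpoint (host:port): 'ka###0.ddns.net':7854 (the '###' appears to be masking applied by the report rather than literal characters, so the string is not usable as an exact hostname match; the ddns.net suffix and port 7854 are the parts shown in full)
- DNS ASK (DNS query) ka###0.ddns.net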
- ClassName: 'Shell_TrayWnd' WindowName: '' (window class of the Windows taskbar)
- ClassName: '#32770' WindowName: '' (standard Windows dialog-box class)