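Technical Information (sub-headings are missing from this copy; the entries below are, in order: Run-key autorun registry values, file names and paths, network endpoints and a DNS query, and process command lines)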
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'tigergen' = '%HOMEPATH%\subfolder\tigergen.vbs -BN'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'UDP Subsystem' = '%ProgramFiles(x86)%\UDP Subsystem\udpss.exe'
- tigergen.exe
- %HOMEPATH%\subfolder\tigergen.exe
- %HOMEPATH%\subfolder\tigergen.vbs
- %APPDATA%\36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee\run.dat
- %ProgramFiles(x86)%\udp subsystem\udpss.exe
- '41#######ns.chickenkiller.com':60881
- '17#.#39.21.137':60881
- DNS ASK 41#######ns.chickenkiller.com
- '%WINDIR%\syswow64\wscript.exe' "%HOMEPATH%\subfolder\tigergen.vbs"
- '%HOMEPATH%\subfolder\tigergen.exe'
- '%WINDIR%\syswow64\wscript.exe' "%HOMEPATH%\subfolder\tigergen.vbs" (with hidden window)
- '%HOMEPATH%\subfolder\tigergen.exe' (with hidden window)