Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Dr' = '"%TEMP%\Dver.exe" @..'
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run] 'Dr' = '"%TEMP%\Dver.exe"'
- User Account Control (UAC)
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\Dver.exe" "Dver.exe" ENABLE
- %TEMP%\dver.exe
- DNS ASK ho####lch.ath.cx
- '%TEMP%\dver.exe' @MLT:QzpcZ2ZvZHJsY1xkcHdnZC5leGU=
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\Dver.exe" "Dver.exe" ENABLE (with hidden window)