Technical Information
- Autorun registry value (per-user Run key, executed at logon): [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'FC' = '%APPDATA%\FC.exe'
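- %APPDATA%\microsoft\windows\start menu\programs\startup\fc.exe (user Startup folder; items in this folder are launched at logon, which also applies to the fc.vbs, fc.js and fc.url entries below)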
- %APPDATA%\microsoft\windows\start menu\programs\startup\fc.vbs
- %APPDATA%\microsoft\windows\start menu\programs\startup\fc.js
- %APPDATA%\microsoft\windows\start menu\programs\startup\fc.url
- <SYSTEM32>\tasks\fc
- %APPDATA%\fc.exe
- Network connection to 'ja#####g.publicvm.com':3434 (hostname shown partially masked, as given in this report)
- DNS query for ja#####g.publicvm.com
- '%APPDATA%\fc.exe'
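- '%WINDIR%\syswow64\schtasks.exe' /create /sc minute /mo 60 /tn "FC" /tr "%APPDATA%\FC.exe" (with hidden window; creates a scheduled task named "FC" that runs %APPDATA%\FC.exe every 60 minutes, consistent with the <SYSTEM32>\tasks\fc entry above)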
- '%WINDIR%\syswow64\schtasks.exe' /create /sc minute /mo 60 /tn "FC" /tr "%APPDATA%\FC.exe"