Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'pkwNyMmq\' = 'C:\pkwNyMmq\nVbWRPtR.exe'
- %WINDIR%\syswow64\notepad.exe
- C:\pkwnymmq\nvbwrptr.exe
- %TEMP%\0.exe
- %TEMP%\qgsrwaojqn.txt
- %APPDATA%\36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee\run.dat
- 'localhost':1604
- 'qw#####ag.duckdns.org':1604
- 'mi##tar.net':443
- DNS ASK qw#####ag.duckdns.org
- DNS ASK mi##tar.net
- '%TEMP%\0.exe'
- '%WINDIR%\microsoft.net\framework\v2.0.50727\regasm.exe' (with hidden window)
- '%WINDIR%\syswow64\notepad.exe' 268 "C:\pkwNyMmq\nVbWRPtR.exe" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\regasm.exe'
- '%WINDIR%\syswow64\notepad.exe' 268 "C:\pkwNyMmq\nVbWRPtR.exe"