Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\<File name>.exe
- %TEMP%\whereprevlaunchedfile.txt
- %WINDIR%\temp\caba746.tmp
- %WINDIR%\temp\tara747.tmp
- %APPDATA%\microsoft\windows\start menu\programs\startup\old.exe
- 'localhost':49173
- 'localhost':49175
- 'ki###sdorm.xyz':443
- 'r3.#.lencr.org':80
- 'microsoft.com':80
- 'localhost':49176
- DNS ASK ki###sdorm.xyz
- DNS ASK r3.#.lencr.org
- DNS ASK microsoft.com
- '%APPDATA%\microsoft\windows\start menu\programs\startup\<File name>.exe'