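Technical Information
The entries below are host and network indicators: an autorun registry value, file paths, network endpoints, a window class lookup and executable paths. The labels that would group them are missing, so the action behind each path (created, modified, deleted or executed) is not stated, and repeated paths may belong to different groups.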
- Autorun registry value (launches the listed executable at logon): [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'SK' = '%ALLUSERSPROFILE%\asfasfg\SK.exe'
- %ALLUSERSPROFILE%\asfasfg\goopdate.dll
- %ALLUSERSPROFILE%\asfasfg\sk.data
- %ALLUSERSPROFILE%\asfasfg\sk.exe
- %LOCALAPPDATA%\178bfbff00050657
- %ALLUSERSPROFILE%\asfasfg\key
- %TEMP%\rc192547358fko9281\2628ny32n10d6.data
- %TEMP%\rc192547358fko9281\goopdate.dll
- %TEMP%\rc192547358fko9281\2628ny32n10d6.exe
- %TEMP%\rc192547358fko9281\key
- %TEMP%\rc192547358fko9281\yj77s9e951e1p5ic9v.exe
- %TEMP%\rc192547358fko9281\yj77s9e951e1p5ic9v.data
- %ALLUSERSPROFILE%\asfasfg\key
- %TEMP%\rc192547358fko9281\key
- %TEMP%\rc192547358fko9281\key
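- '47.#5.7.161':8080 (the '#' appears to be masking applied by the publisher, not part of the address; the full IP is not given on this page)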
- '47.#5.7.161':12345
- http://47.##.7.161:8080/7X/client.dll via 47.#5.7.161
- '47.#5.7.161':12345
- ClassName: 'EDIT' WindowName: ''
- '%ALLUSERSPROFILE%\asfasfg\sk.exe'
- '%TEMP%\rc192547358fko9281\2628ny32n10d6.exe'
- '%TEMP%\rc192547358fko9281\yj77s9e951e1p5ic9v.exe'