Technical Information