Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'svc' = '<Full path to file>'
- %HOMEPATH%\Start Menu\Programs\Startup\windows.exe
- %WINDIR%\.log
- 'er#######alkkcd0tkdgfkore.xyz':80
- 'ae###########.retrthvbc5678670hgfohhf0htrht.xyz':52328
- http://11#.#11.111.2/data/ver1.txt via er#######alkkcd0tkdgfkore.xyz
- DNS ASK er#######alkkcd0tkdgfkore.xyz
- DNS ASK ae###########.retrthvbc5678670hgfohhf0htrht.xyz