Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Update' = '%APPDATA%\Ins\file.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Abobex' = '%APPDATA%\Ins\file.exe'
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{JU34J84X-DKOK-U2PX-J6VU-KY5BU1L1Y16U}] 'StubPath' = '"%APPDATA%\Ins\file.exe"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Update' = '<Full path to file>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Update' = '<Full path to file>'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Update' = '%APPDATA%\Ins\file.exe'
- '%APPDATA%\Ins\file.exe'
- '%APPDATA%\Ins\file.exe'
- file.exe
- %APPDATA%\Ins\.Identifier
- %APPDATA%\Ins\file.exe
- %APPDATA%\Ins\.Identifier
- 'to#####is7342.ddns.net':1604
- DNS ASK to#####is7342.ddns.net