Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1Ny6Z5Tz27' = '"%ALLUSERSPROFILE%\Application Data\kfpoxrzv.exe"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'pQ45JZu73A' = '"%ALLUSERSPROFILE%\Application Data\kfpoxrzv.exe"'
- '%ALLUSERSPROFILE%\Application Data\kfpoxrzv.exe' B9F7D40106DC7C9EFBBFE7440D27952F
- %ALLUSERSPROFILE%\Application Data\kfpoxrzv.exe
- %ALLUSERSPROFILE%\Application Data\2fBt6X239k1GIDB
- 'pr#####oman1.dyndns.org':6697
- DNS ASK pr#####oman1.dyndns.org