Technical Information
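- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'kiss770.cn' = '<Full path to file>' (autorun persistence: a value under the machine-wide Run key launches the sample at each user logon)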
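- [<HKLM>\SYSTEM\ControlSet001\Services\hy5.5] 'ImagePath' = '%TEMP%\5MC20ta.sys' (service entry 'hy5.5' whose image is a .sys file located in %TEMP%; a service image path under a temporary directory is unusual and is a useful detection point)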
- '<Current directory>\wker.exe'
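- NtOpenProcess, handler: 5MC20ta.sys (the NtOpenProcess system service is hooked and handled by the 5MC20ta.sys driver, so calls that open a process handle pass through that driver; the purpose of the hook is not stated here)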
- <Current directory>\wker.exe
- %TEMP%\5MC20ta.sys
- <Current directory>\ProcessExtended.dll
- <Full path to file>
- <Current directory>\wker.exe
- <Current directory>\ProcessExtended.dll
- %TEMP%\5MC20ta.sys
- %TEMP%\5MC20ta.sys
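- '<L####NET>.1.101':3256 (network endpoint, port 3256; the '#' characters appear to be masking applied by the report, not part of the address)
- '18#.#34.59.22':3256 (network endpoint, port 3256; address partially masked in the same way)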