Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'syscheck' = '<Full path to file>'
- 'wp#d':80
- '74.##5.232.51':80
- 'ip##pi.com':80
- 'vi.##nezool.com':4848
- 'vi.###tingcheap.me':4848
- 'mi###anser.club':4848
- 'an###nter.pw':4848
- http://11#.#11.111.1/wpad.dat via wp#d
- http://clients3.google.com/generate_204 via 74.##5.232.51
- http://ip##pi.com/line/
- '<Full path to file>'
- '<SYSTEM32>\schtasks.exe' /create /sc minute /mo 1 /tn "Dec%USERNAME%" /tr "<Full path to file>"