Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<Full path to file>' = '<Full path to file>:*:Enabled:File and Printer...
- <Current directory>\Data\20.dat
- <Current directory>\Data\MapPath.dat
- <Current directory>\Data\SkillList.dat
- <Current directory>\Data\16.dat
- <Current directory>\Data\17.dat
- <Current directory>\Data\18.dat
- <Current directory>\Data\19.dat
- <Current directory>\EasyHook.dll
- <Current directory>\UpdateLauncher.exe
- <Current directory>\log\Info_20180615.log
- 'wp#d':80
- 'pa##.#ame4you.us':80
- http://11#.#11.111.1/wpad.dat via wp#d
- http://pa##.#ame4you.us/GetPathInfo.aspx?Ve#######
- DNS ASK wp#d
- DNS ASK pa##.#ame4you.us