Technical Information
- Registry autorun value: [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Documents' = '%HOMEPATH%\Start Menu\Documents.exe'
- %HOMEPATH%\Start Menu\Programs\Startup\Documents.exe
- %HOMEPATH%\Start Menu\Programs\Startup\Documents.lnk
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
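- %HOMEPATH%\Local Settings\Tempserver.exe (path as printed; a separator between 'Temp' and 'server.exe' may have been lost, so confirm it before using it as a match string)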
- %TEMP%\PawrHJfWfh.txt
- %HOMEPATH%\Start Menu\Documents.exe
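- Network endpoint: 'ki####id4.ddns.net':1991 (the host name is partially masked with #### in this listing, so it cannot be matched literally)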
- DNS ASK ki####id4.ddns.net
- '%HOMEPATH%\Local Settings\Tempserver.exe'
- '%HOMEPATH%\Start Menu\Documents.exe'
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe'