Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'DtServ32m.exe' = '%APPDATA%\DtServ2.exe'
- <SYSTEM32>\notepad.exe
- dtserv2.exe
- %APPDATA%\dtserv2.exe
- 'ap####evpn.ddns.net':9633
- DNS ASK ap####evpn.ddns.net
- '%APPDATA%\dtserv2.exe'
- '<SYSTEM32>\notepad.exe' (with hidden window)
- '%APPDATA%\dtserv2.exe' (with hidden window)
- '<SYSTEM32>\notepad.exe'