Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'AS2014' = '%ALLUSERSPROFILE%\Application Data\T2Ddq1gg\T2Ddq1gg.exe'
- firefox.exe
- %ALLUSERSPROFILE%\application data\t2ddq1gg\t2ddq1gg.exe
- %ALLUSERSPROFILE%\application data\t2ddq1gg\t2ddq1ggyvsagggg.in
- %ALLUSERSPROFILE%\application data\t2ddq1gg\t2ddq1gg.exe.manifest
- %ALLUSERSPROFILE%\application data\t2ddq1gg\t2ddq1gg.ico
- %ALLUSERSPROFILE%\application data\t2ddq1gg\rr.bat
- ClassName: 'fwcplui_class' WindowName: ''
- ClassName: 'MSASCUI_class' WindowName: ''
- '<SYSTEM32>\cmd.exe' /c ""%ALLUSERSPROFILE%\Application Data\T2Ddq1gg\rr.bat" "' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c ""%ALLUSERSPROFILE%\Application Data\T2Ddq1gg\rr.bat" "