Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'DoLinqToSql' = '%PROGRAMDATA%\Client.exe'
- %PROGRAMDATA%\client.exe
- http://kj######ytfvuygbihunji.tk/new_connect.php
- http://kj######ytfvuygbihunji.tk/command.php?id#
- http://kj######ytfvuygbihunji.tk/command.php?id###
- DNS ASK kj######ytfvuygbihunji.tk
- '%PROGRAMDATA%\client.exe'