Technical Information
- [<HKLM>\System\CurrentControlSet\Services\msdtckrm] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\msdtckrm] 'ImagePath' = '"<SYSTEM32>\msdtckrm\msdtckrm.exe"'
- from <Full path to file> to <SYSTEM32>\msdtckrm\msdtckrm.exe
- '18#.#01.197.106':8080
- http://18#.###.197.106:8080/rlo50W64ob64BK0lcF/mkCUMibgd/qOGKgTwjXpO66XZL/ via 18#.#01.197.106