Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'LUkKw' = 'C:\gxauvn\LUkKwv\LUkKwvfMg.vbs'
- %WINDIR%\microsoft.net\framework\v4.0.30319\regsvcs.exe
- C:\gxauvn\lukkwv\lukkwvfmg.vbs
- C:\gxauvn\lukkwv\lukkw.exe
- 'as######sfbksa.duckdns.org':1880
- DNS ASK as######sfbksa.duckdns.org
- '%WINDIR%\microsoft.net\framework\v4.0.30319\regsvcs.exe'