Technical Information
- Autorun entry (per-user Run key, so the command is launched at each logon of that user): [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'AudioDev' = 'cmd /c "C:\Users\Public\Cache\resource.pkz" -t 1'
- %TEMP%\rarsfx0\crack avg antivirus pro 2017.exe
- %TEMP%\rarsfx0\resource.pkz
- C:\users\public\cache\resource.pkz
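- Network endpoint (IP:port; the '##' characters appear as published on this page, so the full address cannot be recovered from this listing): '93.##0.142.176':50000
- DNS query (ASK; '##' as published): ri##ool.ovh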
- ClassName: 'EDIT' WindowName: ''
- '%TEMP%\rarsfx0\crack avg antivirus pro 2017.exe'
- '%TEMP%\rarsfx0\crack avg antivirus pro 2017.exe' demo
- '%TEMP%\rarsfx0\resource.pkz' -t 1
- '%WINDIR%\syswow64\cmd.exe' /c "Crack AVG Antivirus PRO 2017" demo (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c "resource.pkz" -t 1 (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c "Crack AVG Antivirus PRO 2017" demo
- '%WINDIR%\syswow64\cmd.exe' /c "resource.pkz" -t 1