Technical Information
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'getip' = '<Full path to file>'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Cdefgh' = '<Full path to file>'
- %WINDIR%\syswow64\notepad.exe
- '14#.#93.154.90':8000
- ClassName: 'CTXOPConntion_Class' WindowName: ''
- '%WINDIR%\syswow64\notepad.exe' ' (with hidden window)
- '%WINDIR%\syswow64\notepad.exe'