Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{V1H04CF0-33EM-7VA6-7JEH-JE161SK10S77}] 'StubPath' = '%WINDIR%\sys32\ctfmoon.exe Restart'
- %WINDIR%\sys32\ctfmoon.exe
- %TEMP%\%USERNAME%7
- %TEMP%\%USERNAME%8
- %WINDIR%\sys32\ctfmoon.exe
- %TEMP%\%USERNAME%2.txt
- %TEMP%\%USERNAME%7
- %TEMP%\%USERNAME%8
- %TEMP%\%USERNAME%2.txt
- 'as###.sytes.net':81
- 'as###.sytes.net':7777
- 'as###.sytes.net':7171
- DNS ASK as###.sytes.net