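Technical Information
Autorun persistence (registry Run keys; the value name 'winlogon' resembles the name of a Windows system process, but the value data points to an executable under %APPDATA%):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'winlogon' = '%APPDATA%\DarkCometbuild.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'winlogon' = '%APPDATA%\DarkCometbuild.exe'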
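File and process indicators (the sub-headings that separated these groups appear to be missing from this listing, which is why some paths repeat):
- '%APPDATA%\DarkCometbuild.exe'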
- DarkCometbuild.exe
- %APPDATA%\DarkCometbuild.exe
- %TEMP%\aut3.tmp
- %TEMP%\res.ico2
- %TEMP%\res.ico
- %TEMP%\aut1.tmp
- %TEMP%\msupd.exe
- %TEMP%\aut2.tmp
- %APPDATA%\DarkCometbuild.exe
- %TEMP%\aut3.tmp
- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp
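Network indicators (host and port, then the DNS query; '#' is not a valid character in a DNS name, so the host name appears to be partially masked here and cannot be matched literally):
- 'we####337.zapto.org':9050
- DNS ASK we####337.zapto.org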