Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'DeucaDriver' = '<Full path to file>'
- '<Current directory>\fo2o.exe'
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES2.tmp" "<Current directory>\CSC1.tmp"
- '%WINDIR%\Microsoft.NET\Framework\v3.5\csc.exe' /noconfig /fullpaths @"%TEMP%\ldt98x6v.cmdline"
- <Current directory>\CSC1.tmp
- %TEMP%\RES2.tmp
- <Current directory>\fo2o.exe
- <Current directory>\fo2o.pdb
- %TEMP%\ldt98x6v.0.cs
- %TEMP%\ldt98x6v.cmdline
- %TEMP%\ldt98x6v.out
- %TEMP%\ldt98x6v.cmdline
- %TEMP%\ldt98x6v.0.cs
- %TEMP%\ldt98x6v.out
- %TEMP%\RES2.tmp
- <Current directory>\CSC1.tmp
- '18#.#9.55.220':6667
- 'ip##pi.com':80
- 'wp#d':80
- http://ip##pi.com/line/
- http://11#.#11.111.1/wpad.dat via wp#d
- DNS ASK ip##pi.com
- DNS ASK wp#d