Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '{XKR69HCG-91345-DRY69O-DRY69OJNQB}' = '"%TEMP%\svchost.exe" ...'
- %HOMEPATH%\Start Menu\Programs\Startup\{XKR69HCG-91345-DRY69O-DRY69OJNQB}.exe
- hidden files
- %TEMP%\svchost.exe
- %HOMEPATH%\Start Menu\Programs\Startup\{XKR69HCG-91345-DRY69O-DRY69OJNQB}.exe
- %TEMP%\svchost.exe
- 'ca#####dspeed.ddns.net':8452
- DNS ASK ca#####dspeed.ddns.net
- '%TEMP%\svchost.exe'