Technical Information
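Persistence (a value under the per-user Run key, which starts the listed executable at user logon):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ads' = '%WINDIR%\ads4.exe'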
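File paths listed in the analysis (the page does not state which are created, executed or deleted; '%TEMP%\keycf 19.1.exe' appears twice):
- %TEMP%\keycf 19.1.exe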
- %WINDIR%\ads4.exe
- %WINDIR%\ads3.exe
- %WINDIR%\mlang.dll
- <SYSTEM32>\ads4.exe
- %TEMP%\keycf 19.1.exe
- %WINDIR%\ads2.exe
- %WINDIR%\ads.exe
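Network indicators (host:port endpoints, a URL and DNS queries; the '#' characters in host names appear to be masking applied by the publisher, so these names are partial and cannot be matched verbatim):
- 'c.##ycf.net':80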
- 'localhost':1038
- 'pa####000.hut4.ru':21
- c.##ycf.net/modz.php
- DNS ASK c.##ycf.net
- DNS ASK pa####000.hut4.ru
- '<Private IP address>':1036
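Window class and title pairs listed in the analysis (presumably windows the sample looks for; the page does not state the operation):
- ClassName: 'Chrome_WidgetWin_0' WindowName: 'Key Cross Kill - Free Online FPS - Download Cross Fire - Google Chrome'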
- ClassName: 'IEFrame' WindowName: ''
- ClassName: 'Chrome_WidgetWin_0' WindowName: 'File Key Cross Kill - Free Online FPS - Download Cross Fire - Google Chrome'
- ClassName: 'MozillaWindowClass' WindowName: 'File Key Cross Kill - Free Online FPS - Download Cross Fire - Mozilla Firefox'
- ClassName: 'MozillaWindowClass' WindowName: 'Key Cross Kill - Free Online FPS - Download Cross Fire - Mozilla Firefox'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'CrossFire' WindowName: 'CrossFire'
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''