Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Internet' = '"%APPDATA%\Network.exe"'
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run] 'Desktop' = '"<SYSTEM32>\explorer.exe"'
- hidden files
- %APPDATA%\network.exe
- <SYSTEM32>\explorer.exe
- %APPDATA%\network.exe
- <SYSTEM32>\explorer.exe
- 're#####k.pf-control.de':80
- http://re#####k.pf-control.de/gate.php
- DNS ASK re#####k.pf-control.de
- '%APPDATA%\network.exe'
- '<SYSTEM32>\explorer.exe'
- '%APPDATA%\network.exe' ' (with hidden window)
- '<SYSTEM32>\explorer.exe' ' (with hidden window)