Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WRPDQD' = '"%APPDATA%\Windata\dllhost.exe"'
- %APPDATA%\microsoft\windows\start menu\programs\startup\wrpdqd.lnk
- %TEMP%\aut91f1.tmp
- %TEMP%\ssghcr.exe
- %APPDATA%\windata\dllhost.exe
- %TEMP%\aut91f1.tmp
- 'xc#####x.duckdns.org':1337
- DNS ASK xc#####x.duckdns.org
- '%TEMP%\ssghcr.exe'