Technical Information
- [<HKLM>\System\CurrentControlSet\Services\NetworkDiagnosisService] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\NetworkDiagnosisService] 'ImagePath' = '%PROGRAMDATA%\Identities\<File name>.exe /s'
- %PROGRAMDATA%\identities\<File name>.exe
- %PROGRAMDATA%\identities\setting.conf
- 'cj##57.vip':443
- DNS ASK cj##57.vip
- '<Full path to file>' /i (with hidden window)