Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'DPInst' = '%APPDATA%\DPInst.exe'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'DPInst' = '%APPDATA%\DPInst.exe'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = 'userinit.exe%APPDATA%\DPInst.exe,'
- %APPDATA%\dpinst.exe
- %APPDATA%\dpinst.exe
- '17#.#8.242.123':80
- '%APPDATA%\dpinst.exe'
- '%APPDATA%\dpinst.exe' ' (with hidden window)