Technical Information
- [<HKLM>\System\CurrentControlSet\Services\AAErrorPort] 'ImagePath' = '%TEMP%\ActiveAnticheat\aaerrport.exe'
- [<HKLM>\System\CurrentControlSet\Services\PRProt] 'ImagePath' = '%TEMP%\ActiveAnticheat\1223483\active64.sys'
- 'AAErrorPort' %TEMP%\ActiveAnticheat\aaerrport.exe
- 'PRProt' %TEMP%\ActiveAnticheat\1223483\active64.sys
- <Current directory>\clmods.dll
- %TEMP%\activeanticheat\1223483\sn_1223483.dat
- %TEMP%\activeanticheat\aaerrport.exe
- %TEMP%\activeanticheat\1223483\active64.sys
- %WINDIR%\temp\udd5a5f.tmp
- %TEMP%\activeanticheat\cookie.dat
- %WINDIR%\temp\udd5a5f.tmp
- %TEMP%\activeanticheat\1223483\active64.sys
- '20#.#7.222.222':53
- 'ac####.la2-ares.pw':11001
- DNS ASK st#####ics.active-ac.ru
- '%TEMP%\activeanticheat\aaerrport.exe'