Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'c418050d13896c05cc43ba60b35af978' = '"%TEMP%\RtkNGUI64.exe" ..'
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run] 'c418050d13896c05cc43ba60b35af978' = '"%TEMP%\RtkNGUI64.exe" ..'
- %APPDATA%\microsoft\windows\start menu\programs\startup\c418050d13896c05cc43ba60b35af978.exe
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\RtkNGUI64.exe" "RtkNGUI64.exe" ENABLE
- %TEMP%\rtkngui64.exe
- 'di###t.ddns.net':2700
- DNS ASK di###t.ddns.net
- '%TEMP%\rtkngui64.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\RtkNGUI64.exe" "RtkNGUI64.exe" ENABLE' (with hidden window)