Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Default1' = 'C:\Documents and Settings\klgproc.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Default0' = 'rundll32 C:\Documents and Settings\rat_client0.dll dllmain'
- 'C:\Documents and Settings\klgproc.exe'
- '<SYSTEM32>\rundll32.exe' C:\Documents and Settings\rat_client0.dll dllmain
- C:\Documents and Settings\klgproc.exe
- C:\Documents and Settings\rat_client0.dll
- 'my####rnalip.com':80
- 'wk###1.ddns.net':600
- '88.#51.96.4':21
- http://my####rnalip.com/raw
- DNS ASK my####rnalip.com
- DNS ASK wk###1.ddns.net
- ClassName: 'Indicator' WindowName: ''