Technical Information
- [HKLM\System\CurrentControlSet\Services\RDP-Controller] 'Start' = '00000002'
- [HKLM\System\CurrentControlSet\Services\RDP-Controller] 'ImagePath' = 'C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe'
- 'RDP-Controller' C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
- '<SYSTEM32>\taskkill.exe' /F /FI "SERVICES eq RDP-Controller"
- %TEMP%\installer.log
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\netdb\rd\routerinfo-dotz7wi35oxzfovs4kew-oeja9pvejasiy5zjlhyo7k=.dat
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\netdb\rh\routerinfo-hy~f330~zg7sweywh8npse7wtx6vojlrsnqjtlzanoo=.dat
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\netdb\rr\routerinfo-rqbckki7pmvgtp1pwxopvpo8wesnl77ia1dtkzavlgs=.dat
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\netdb\rz\routerinfo-zizuk3jhkvxniugg5ctljko4kgous5cosirxzebggnw=.dat
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\netdb\ru\routerinfo-ugfz4~7ryez2yvj74izyrzu1wmiwrlyjung4zxfetci=.dat
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\netdb\rb\routerinfo-bm-orzqrjm31ja88pv68ui7e4-szj82mzdrzupmaouw=.dat
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\netdb\r9\routerinfo-9ezqona5rmpvxtpi-klibquyvrbu6qgxzex-c6guzye=.dat
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\netdb\re\routerinfo-ejty8lkazu2lhco8loybe~pqvjz9fnzofztir9wfs1o=.dat
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\netdb\rz\routerinfo-zanouaxn12svf0q8vrgzqej9v7vco1kz3xys4o-ydj0=.dat
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\netdb\rz\routerinfo-zhqn2i4zone5be2zbwlqznrndjipbvihsnhq~eozn6u=.dat
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\netdb\ra\routerinfo-amx7k0cxmikbhj9lkgbke9tvry7wccohhir89wjhyts=.dat
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\netdb\rb\routerinfo-bghen2h~agsmc0ch0s58b2~gw4jualh7vl3ef9ovy4a=.dat
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\netdb\rj\routerinfo-jt~vmq9xudw03qvosdpn3jluh2bixbfdozfi6gib1xo=.dat
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\netdb\ra\routerinfo-acw3-3vwjdabzr7b8slj90fhucdb3t4m1hbin1orhhy=.dat
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\netdb\rz\routerinfo-zeaidwsjdqrjax58no-cwrdwk11cazcjl1zhrcl7ogy=.dat
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\destinations\klgpaedeoym6exn2vhs4ohcexoydainq32j5a3u5jv75fsqdrsqa.dat
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\destinations\2hpnrrvpms6cnefdtgqjp6xgg7uboavrvgs6k4w6zedwnupdbg5a.dat
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\netdb\rb\routerinfo-bhy1jqoj8eyzdipxhfa8a8yuynoxbixdlk2f9uyhxru=.dat
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\config.ini
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\netdb\rz\routerinfo-zi~bl21ueq3ir7zmflblu0dtoa~f6nbw-6-l4kbqbm0=.dat
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\netdb\rs\routerinfo-slidpsd6hi4l1ilr525bstqcocek-ncxhdiemgjhxwa=.dat
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\netdb\ru\routerinfo-uefo-rn27jpk1b0usx3vpmzudfx-ji4qvtbevcl0pmu=.dat
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\netdb\ro\routerinfo-oyovqwzmasqfkf7yxnwbiosflgdg8pnsnfyyaurjg60=.dat
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\netdb\ri\routerinfo-ibsvqweb7~iyodsid-jqo~nyf8zfitpd~lvecuqaovw=.dat
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\netdb\rh\routerinfo-hpzc0qa8wfbyek8uol2z4aoqfsvkx5rbytwazbrwww4=.dat
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\netdb\rn\routerinfo-ng55~-tl2tf-qp4-87x1p5mnzhs0fgba~qtsvewzmjg=.dat
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\netdb\r9\routerinfo-986cqqussfccx~qka8hzyru7v4pvawvnk4xcul2foh8=.dat
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\netdb\rj\routerinfo-jtbtl~5d1ik9sqmknfrtlxxeulegogphvpvimg9urlo=.dat
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\destinations\cowhifkj7axizaniz3zf34gng5iescus5rtsuoqie6gw4pxplyka.dat
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\netdb\r-\routerinfo--e0sw5rdvxh2vrcfjnnaugby8gyas-s8sxze7ufhjke=.dat
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\netdb\rz\routerinfo-zrqxmq62kx-2w7vq-naxx~xqexpzzxcv~n3slw0t8dy=.dat
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\netdb\rb\routerinfo-bpatv4o2-r6~pbhjtlel5qgo7wn-5f1n6ogrovxyieg=.dat
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\netdb\rz\routerinfo-ziauj8fnm~4gktjupfx4rl9cwlyu65iauxujoxg-kae=.dat
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\netdb\r7\routerinfo-7r23byxg-ahspbqpxzappj1tbskdky9dvfbagpsvof0=.dat
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\netdb\rz\routerinfo-z5d3oppuyo5z1ujqftp3~8r3ji5wswxbb7cpfpnubak=.dat
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\netdb\rx\routerinfo-xuczk-fo-b1i6hiwcl~1jme-iwof1ncyt-8pu8rbyqi=.dat
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\netdb\r8\routerinfo-8zskz7pr-vikjm6a7ppukh42q0ruciaazjjrjldzngk=.dat
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\netdb\rl\routerinfo-lg7ysa3lay2m4ibxhsvyq-ssjs5zkg8z9fp80h7pw10=.dat
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\netdb\rz\routerinfo-zjhgrmbx2sparqfs8k-c5cg0ow69r5azstpqivhjm2g=.dat
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\netdb\rx\routerinfo-xyr1qpdhlzbfoes1ibknw75x4diisbf99jpl4zyjpk0=.dat
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\destinations\fkumhyfw4dtgji4voihayej4bfbspqbwzpgysoknnkotptbyaspq.dat
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\samctl.log
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rdpctl.log
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\libi2p.dll
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\termsrv32.dll
- %WINDIR%\temp\gsqdd10r
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\evtsrv.dll
- %WINDIR%\temp\x1aum30s
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p.su3
- %WINDIR%\temp\uqi9cznt
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p.conf
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\netdb\ri\routerinfo-itfsh6~vhwtl2lbteh94atitylkjhacmbhodsyd5ryi=.dat
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\termsrv32.ini
- %WINDIR%\temp\oxahunkf
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\cnccli.dll
- %WINDIR%\temp\5xasc92d
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\referrer
- %WINDIR%\temp\2zhbrq6s
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.log
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\update.pkg
- %WINDIR%\temp\zzmx4cek
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\netdb\rf\routerinfo-fygemmf93bsf660fnvpyhptlt6wyalwhfu1fgz3koyw=.dat
- %WINDIR%\temp\lw9ceoj2
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rdpctl.dll
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rfxvmt.dll
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\prgmgr.log
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\evtsrv.log
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\dwlmgr.log
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\router.info
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\ssu2.keys
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\ntcp2.keys
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\router.keys
- %WINDIR%\temp\nvcdm8i3
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\cnccli.log
- %WINDIR%\temp\241jj7us
- %WINDIR%\temp\pdnoello
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\dwlmgr.dll
- %WINDIR%\temp\gmmwonj1
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\prgmgr.dll
- %WINDIR%\temp\zham9vqs
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\samctl.dll
- %WINDIR%\temp\kqz706y6
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\npx5adyeh7eu.acl
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\netdb\r1\routerinfo-1hmrg99yqg8zyfxfct3zio4jjitojzu2hm7olmk2hva=.dat
- %WINDIR%\temp\2zhbrq6s
- %WINDIR%\temp\5xasc92d
- %WINDIR%\temp\oxahunkf
- %WINDIR%\temp\zzmx4cek
- %WINDIR%\temp\uqi9cznt
- %WINDIR%\temp\x1aum30s
- %WINDIR%\temp\gsqdd10r
- %WINDIR%\temp\241jj7us
- %WINDIR%\temp\lw9ceoj2
- %WINDIR%\temp\nvcdm8i3
- %WINDIR%\temp\kqz706y6
- %WINDIR%\temp\zham9vqs
- %WINDIR%\temp\gmmwonj1
- %WINDIR%\temp\pdnoello
- C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\update.pkg
- 'localhost':41673
- '18#.#55.23.109':20754
- '73.#7.22.30':24222
- '95.##.161.50':15841
- '69.##0.23.166':25182
- '83.#.226.235':11257
- '23.##.180.44':21988
- '57.##8.220.163':23655
- '15.##4.87.76':14567
- '96.##.227.85':23169
- '22#.#53.251.155':6097
- '62.##.150.167':4567
- '62.##0.85.80':24767
- '62.##0.201.207':48462
- '19#.#09.139.247':19022
- '91.##1.113.252':37159
- '17#.#86.88.225':24006
- '23.##7.250.43':24642
- '85.##0.157.152':8426
- '91.##2.225.45':4567
- '85.#.171.9':19675
- '98.##2.66.84':14923
- '14#.75.7.22':9492
- '15#.#96.97.110':29040
- '11#.#03.78.56':27545
- '68.##.223.203':29371
- '94.##3.93.103':40783
- '95.##8.36.98':30125
- '23.##7.249.66':9520
- '73.#7.83.88':14840
- '85.#7.55.16':12745
- '86.##5.25.230':17616
- '18#.#48.3.38':19378
- '14#.#1.160.174':12362
- 're####.diva.exchange':443
- '66.##.109.210':17149
- '18#.#0.199.126':16929
- '14#.#90.228.179':25745
- '10#.#91.73.121':13769
- '97.##.131.144':13857
- '5.##.88.21':4224
- '97.##3.204.16':44210
- '50.##.129.77':14421
- '21#.#16.61.165':24605
- '35.##2.157.115':38525
- '21#.#8.11.69':9887
- '5.###.132.104':62468
- '46.##3.155.12':12506
- '2.###.41.251':10599
- '13#.#80.212.226':23817
- '18#.#30.45.216':50980
- '86.##9.200.24':10266
- 'localhost':41656
- '74.##6.117.81':25569
- '73.##7.189.239':13048
- '19#.#6.168.197':27747
- '76.##.154.53':10713
- '88.#10.6.42':25314
- '17#.#89.222.4':12313
- '83.##.239.234':17237
- '17#.#80.190.6':30330
- '5.##9.44.80':18217
- '10#.#09.184.114':11024
- 're####.memcpy.io':443
- '87.##1.72.165':13467
- '76.##6.179.119':13071
- 're####.diva.exchange':443
- '73.#7.83.88':14840
- '18#.#55.23.109':20754
- '73.#7.22.30':24222
- '95.##.161.50':15841
- '83.#.226.235':11257
- '69.##0.23.166':25182
- '57.##8.220.163':23655
- '78.#6.44.36':7832
- '62.##.150.167':4567
- 'localhost':49241
- '22#.#53.251.155':6097
- '62.##0.85.80':24767
- '91.##1.113.252':37159
- '62.##0.201.207':48462
- '17#.#86.88.225':24006
- '23.##7.250.43':24642
- '85.#.171.9':19675
- '98.##2.66.84':14923
- '15#.#96.97.110':29040
- '18#.#41.114.246':20183
- '94.##3.93.103':40783
- '11#.#03.78.56':27545
- '68.##.223.203':29371
- 'localhost':49259
- '46.##3.155.12':12506
- '85.#7.55.16':12745
- '23.##7.249.66':9520
- 'localhost':49226
- '17#.#80.190.6':30330
- 'localhost':49189
- 'localhost':49190
- 'localhost':49191
- 'localhost':49187
- 'localhost':49188
- '14#.#90.228.179':25745
- '66.##.109.210':17149
- '5.##.88.21':4224
- '97.##.131.144':13857
- '97.##3.204.16':44210
- '35.##2.157.115':38525
- '21#.#8.11.69':9887
- '10#.#91.73.121':13769
- '19#.#09.139.247':19022
- '18#.#30.45.216':50980
- '13#.#80.212.226':23817
- 'localhost':41656
- 'localhost':49210
- '21#.#16.61.165':24605
- '74.##6.117.81':25569
- '73.##7.189.239':13048
- '85.##6.94.124':28954
- '88.#10.6.42':25314
- '83.##.239.234':17237
- '17#.#89.222.4':12313
- '86.##5.25.230':17616
- '76.##6.179.119':13071
- DNS ASK re####.memcpy.io
- DNS ASK re####.diva.exchange
- '96.##.227.85':23169
- '15.##4.87.76':14567
- '23.##.180.44':21988
- '85.#.171.9':19675
- '10#.#15.44.135':59534
- '18#.#41.114.246':20183
- '18#.#48.3.38':19378
- '14#.#1.160.174':12362
- '10#.#09.184.114':11024
- '5.##9.44.80':18217
- '76.##.154.53':10713
- '18#.#55.23.109':20754
- '86.##9.200.24':10266
- '87.##1.72.165':13467
- '5.###.132.104':62468
- '50.##.129.77':14421
- '18#.#0.199.126':16929
- '19#.#6.168.197':27478
- '66.##.109.210':17149
- '88.#10.6.42':25314
- '74.##6.117.81':25569
- '20#.#9.168.216':29170
- '78.#6.44.36':7832
- '85.##6.94.124':28954
- '17#.#9.236.36':10483
- '82.##0.23.208':10672
- '2.###.41.251':10599
- '85.##0.157.152':8426
- ClassName: '' WindowName: ''
- 'C:\users\public\computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe'
- '<SYSTEM32>\sc.exe' stop RDP-Controller
- '<SYSTEM32>\sc.exe' create RDP-Controller binpath= C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe type= own start= auto error= ignore
- '<SYSTEM32>\sc.exe' failure RDP-Controller reset= 1 actions= restart/10000
- '<SYSTEM32>\sc.exe' start RDP-Controller
- '<SYSTEM32>\icacls.exe' C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\ /setowner *S-1-5-18
- '<SYSTEM32>\icacls.exe' C:\Users\Public /restore C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\npX5adYEH7eu.acl
- '<SYSTEM32>\taskkill.exe' /F /FI "SERVICES eq RDP-Controller"' (with hidden window)
- '<SYSTEM32>\sc.exe' stop RDP-Controller' (with hidden window)
- '<SYSTEM32>\sc.exe' create RDP-Controller binpath= C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe type= own start= auto error= ignore' (with hidden window)
- '<SYSTEM32>\sc.exe' failure RDP-Controller reset= 1 actions= restart/10000' (with hidden window)
- '<SYSTEM32>\sc.exe' start RDP-Controller' (with hidden window)
- '<SYSTEM32>\icacls.exe' C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\ /setowner *S-1-5-18' (with hidden window)
- '<SYSTEM32>\icacls.exe' C:\Users\Public /restore C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\npX5adYEH7eu.acl' (with hidden window)