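Technical Information
(The section labels are not preserved in this copy. In order, the entries below are: shortcuts in the all-users Startup folder, a Windows Firewall AuthorizedApplications registry value, process command lines, file paths, file moves given as "from … to …", network endpoints, a requested URL and DNS queries with host names partly masked by '#', and window class names.)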
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\DDHelper.lnk
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\DualDesk.lnk
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%PROGRAM_FILES%\DD20.4.8201408221641\DualDesk.exe' = '%PROGRAM_FILES%\DD20.4.8201408221641\DualDesk.exe:*:Enabled:DualDesk-Server'
- '%TEMP%\nsg5.tmp\ns10.tmp' REG.EXE DELETE "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DD_Service" /f
- '%TEMP%\nsg5.tmp\ns11.tmp' REG.EXE DELETE "SYSTEM\CurrentControlSet\Services\DD_Service\Description" /f
- '%TEMP%\nsg5.tmp\nsE.tmp' REG.EXE DELETE "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DD_Service\Security" /f
- '%TEMP%\nsg5.tmp\nsF.tmp' REG.EXE DELETE "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DD_Service\Enum" /f
- '%PROGRAM_FILES%\DD20.4.8201408221641\DualDesk.exe'
- '%PROGRAM_FILES%\DD20.4.8201408221641\DDHelper.exe'
- '%TEMP%\nsg5.tmp\ns12.tmp' REG.EXE DELETE "SYSTEM\CurrentControlSet\Services\DD_Service\DependOnService" /f
- '%TEMP%\nsg5.tmp\ns13.tmp' REG.EXE DELETE "SYSTEM\CurrentControlSet\Services\DD_Service" /f
- '%TEMP%\nsg5.tmp\nsD.tmp' "netsh.exe" firewall add allowedprogram "%PROGRAM_FILES%\DD20.4.8201408221641\DualDesk.exe" "DualDesk-Server" ENABLE
- '%TEMP%\nsg5.tmp\ns7.tmp' "sc.exe" stop DD_CAD
- '%TEMP%\nsg5.tmp\ns8.tmp' "net.exe" stop DD_Service
- '%TEMP%\nsr3.tmp\DD_kcs.selfip.com_5000.exe' /23712953202-1714566495_Koons Computer Service/0
- '%TEMP%\nsg5.tmp\ns6.tmp' "sc.exe" stop DD_Service
- '%TEMP%\nsg5.tmp\nsB.tmp' "sc.exe" delete DD_CAD
- '%TEMP%\nsg5.tmp\nsC.tmp' "netsh.exe" firewall add allowedprogram "%PROGRAM_FILES%\DD20.4.8201408221641\DualDesk.exe" "DualDesk-Server" ENABLE ALL
- '%TEMP%\nsg5.tmp\ns9.tmp' "net.exe" stop DD_CAD
- '%TEMP%\nsg5.tmp\nsA.tmp' "sc.exe" delete DD_Service
- '<SYSTEM32>\reg.exe' DELETE "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DD_Service\Security" /f
- '<SYSTEM32>\reg.exe' DELETE "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DD_Service\Enum" /f
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%PROGRAM_FILES%\DD20.4.8201408221641\DualDesk.exe" "DualDesk-Server" ENABLE ALL
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%PROGRAM_FILES%\DD20.4.8201408221641\DualDesk.exe" "DualDesk-Server" ENABLE
- '<SYSTEM32>\reg.exe' DELETE "SYSTEM\CurrentControlSet\Services\DD_Service\DependOnService" /f
- '<SYSTEM32>\reg.exe' DELETE "SYSTEM\CurrentControlSet\Services\DD_Service" /f
- '<SYSTEM32>\reg.exe' DELETE "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DD_Service" /f
- '<SYSTEM32>\reg.exe' DELETE "SYSTEM\CurrentControlSet\Services\DD_Service\Description" /f
- '<SYSTEM32>\net.exe' stop DD_Service
- '<SYSTEM32>\net1.exe' stop DD_Service
- '<SYSTEM32>\sc.exe' stop DD_Service
- '<SYSTEM32>\sc.exe' stop DD_CAD
- '<SYSTEM32>\sc.exe' delete DD_Service
- '<SYSTEM32>\sc.exe' delete DD_CAD
- '<SYSTEM32>\net.exe' stop DD_CAD
- '<SYSTEM32>\net1.exe' stop DD_CAD
- %PROGRAM_FILES%\DD20.4.8201408221641\DDuninst.exe
- %TEMP%\nsg5.tmp\ddUninst.exe
- %TEMP%\nsg5.tmp\cad.exe
- %TEMP%\nsg5.tmp\nsC.tmp
- %TEMP%\nsr3.tmp\ToolBox\DD20.4.8.txt
- %TEMP%\nsr3.tmp\Configs\DD20.4.8.txt
- %PROGRAM_FILES%\DD20.4.8201408221641\DD.txt
- %TEMP%\nsg5.tmp\nsB.tmp
- %TEMP%\nsg5.tmp\nsA.tmp
- %TEMP%\nsg5.tmp\DualDesk.exe
- %PROGRAM_FILES%\DD20.4.8201408221641\UnDD.txt
- %PROGRAM_FILES%\DD20.4.8201408221641\Flag.txt
- %TEMP%\nsg5.tmp\nsD.tmp
- %TEMP%\nsg5.tmp\ns12.tmp
- %TEMP%\nsg5.tmp\ns11.tmp
- %TEMP%\nsg5.tmp\ns10.tmp
- %PROGRAM_FILES%\DD20.4.8201408221641\ToolBox\DDHelper.lnk
- %TEMP%\2-1714566495.txt
- %TEMP%\nsg5.tmp\ns13.tmp
- %HOMEPATH%\Desktop\ToolBox 20.4.8.0.lnk
- %HOMEPATH%\Desktop\Stop Remote Support.lnk
- %PROGRAM_FILES%\DD20.4.8201408221641\StopDD.reg
- %TEMP%\nsg5.tmp\nsF.tmp
- %TEMP%\nsg5.tmp\nsE.tmp
- %PROGRAM_FILES%\DD20.4.8201408221641\ToolBox\DualDesk.lnk
- %TEMP%\nsr3.tmp\Blank.bmp
- %TEMP%\nsr3.tmp\Icon2.ico
- %TEMP%\nsr3.tmp\Icon1.ico
- %TEMP%\DDreRun\DDreRun.dat
- %TEMP%\nsr3.tmp\Configs\kcsconnect.txt
- %TEMP%\nsr3.tmp\Ring.wav
- %TEMP%\nsr3.tmp\ddHelper.exe
- %TEMP%\nsr3.tmp\DD_kcs.selfip.com_5000.exe
- %TEMP%\nsm2.tmp
- %TEMP%\nsr3.tmp\Logo.bmp
- %TEMP%\nsr3.tmp\Splash.bmp
- %TEMP%\nsr3.tmp\DD.txt
- %TEMP%\DDreRun\DD_kcs.selfip.com_5000.exe
- %TEMP%\nsg5.tmp\ns6.tmp
- %TEMP%\nsg5.tmp\nsExec.dll
- %TEMP%\nsg5.tmp\ns9.tmp
- %TEMP%\nsg5.tmp\ns8.tmp
- %TEMP%\nsg5.tmp\ns7.tmp
- %PROGRAM_FILES%\DD20.4.8201408221641\Advantig.txt
- %TEMP%\nsisdt.dll
- %TEMP%\nsr3.tmp\Splash.dll
- %HOMEPATH%\My Documents\My Videos\Desktop.ini
- %TEMP%\nsr3.tmp\DD-Done.txt
- %HOMEPATH%\Start Menu\Programs\Administrative Tools\desktop.ini
- %HOMEPATH%\My Documents\My Videos\Desktop.ini
- %TEMP%\nsg5.tmp\ns11.tmp
- %TEMP%\nsg5.tmp\ns12.tmp
- %TEMP%\nsg5.tmp\ns13.tmp
- %TEMP%\nsg5.tmp\nsE.tmp
- %TEMP%\nsg5.tmp\nsF.tmp
- %TEMP%\nsg5.tmp\ns10.tmp
- %TEMP%\nsr3.tmp\DD_kcs.selfip.com_5000.exe
- %TEMP%\nsr3.tmp\Splash.bmp
- %TEMP%\nsr3.tmp\Splash.dll
- %TEMP%\nsg5.tmp\cad.exe
- %TEMP%\nsg5.tmp\nsExec.dll
- %TEMP%\nsr3.tmp\DD-Done.txt
- %TEMP%\nsg5.tmp\nsD.tmp
- %TEMP%\nsg5.tmp\ns7.tmp
- %TEMP%\nsg5.tmp\ns8.tmp
- %TEMP%\nsg5.tmp\ns9.tmp
- %TEMP%\nsisdt.dll
- %PROGRAM_FILES%\DD20.4.8201408221641\Advantig.txt
- %TEMP%\nsg5.tmp\ns6.tmp
- %PROGRAM_FILES%\DD20.4.8201408221641\UnDD.txt
- %PROGRAM_FILES%\DD20.4.8201408221641\Flag.txt
- %TEMP%\nsg5.tmp\nsC.tmp
- %TEMP%\nsg5.tmp\nsA.tmp
- %TEMP%\nsg5.tmp\nsB.tmp
- %PROGRAM_FILES%\DD20.4.8201408221641\DD.txt
- from %TEMP%\nsg5.tmp\ddUninst.exe to %PROGRAM_FILES%\DD20.4.8201408221641\Uninst.exe
- from %TEMP%\nsr3.tmp\ddHelper.exe to %PROGRAM_FILES%\DD20.4.8201408221641\DDHelper.exe
- from %TEMP%\nsg5.tmp\DualDesk.exe to %PROGRAM_FILES%\DD20.4.8201408221641\DualDesk.exe
- from %TEMP%\DDreRun\DD_kcs.selfip.com_5000.exe to %PROGRAM_FILES%\DD20.4.8201408221641\DD_kcs.selfip.com_5000.exe
- from %TEMP%\DDreRun\DDreRun.dat to %PROGRAM_FILES%\DD20.4.8201408221641\DDreRun.dat
- from %TEMP%\nsr3.tmp\DD.txt to %PROGRAM_FILES%\DD20.4.8201408221641\DD.txt
- from %TEMP%\nsr3.tmp\Icon1.ico to %PROGRAM_FILES%\DD20.4.8201408221641\icon1.ico
- from %TEMP%\nsr3.tmp\Logo.bmp to %PROGRAM_FILES%\DD20.4.8201408221641\Logo.bmp
- from %TEMP%\nsr3.tmp\Icon2.ico to %PROGRAM_FILES%\DD20.4.8201408221641\icon2.ico
- from %TEMP%\nsr3.tmp\Ring.wav to %PROGRAM_FILES%\DD20.4.8201408221641\Ring.wav
- from %TEMP%\nsr3.tmp\Blank.bmp to %PROGRAM_FILES%\DD20.4.8201408221641\Blank.bmp
- 'kc#.#elfip.com':5000
- 'www.du###esk.net':80
- 'localhost':1039
- www.du###esk.net/unreg/2-1714566495.txt
- DNS ASK kc#.#elfip.com
- DNS ASK www.du###esk.net
- ClassName: 'DualDesk Tray Icon' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'SysListView32' WindowName: ''
- ClassName: 'DualDesk desktop sink' WindowName: ''
- ClassName: '#32770' WindowName: ''