Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'MOpLJUYkjG' = '<LS_APPDATA>\wcaults.exe'
- <LS_APPDATA>\wcaults.exe
- %TEMP%\~1.tmp
- <LS_APPDATA>\wcaults.exe
- 'mi#######office.3utilities.com':443
- 'mi#######office.3utilities.com':80
- mi#######office.3utilities.com/wKgTlcwK/YVVTRVItNEJCMDlBOUMwMi5BZG1pbmlzdHJhdG9yLEIwNWM.asp
- DNS ASK mi#######office.3utilities.com