Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'hk' = '%ALLUSERSPROFILE%\Start Menu\Programs\bios4.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'bios' = '%APPDATA%\bios3\bios3'
- '<SYSTEM32>\svchost.exe'
- <SYSTEM32>\svchost.exe
- %TEMP%\sLvRjiioS.pa
- <SYSTEM32>\.Identifier
- %TEMP%\aut1.tmp
- %APPDATA%\bios3\bios3
- %ALLUSERSPROFILE%\Start Menu\Programs\bios4.exe
- <SYSTEM32>\.Identifier
- %TEMP%\aut1.tmp
- 'tu###.ddns.net':1008
- DNS ASK tu###.ddns.net