Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Imdaoiu375' = '<Current directory>\Cjericheda.exe'
- '<Current directory>\Cjericheda.exe'
- '<SYSTEM32>\cmd.exe' /c del "<Full path to file>"
- <Current directory>\Cjericheda.exe
- <Current directory>\Cjericheda.exe
- 'localhost':2012
- '10#.#30.121.200':2012
- DNS ASK gm#.#hnlab.com