Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'ADSL Dial' = '<Full path to file>'
- [<HKLM>\SYSTEM\ControlSet001\Services\SA3282] 'ImagePath' = '%TEMP%\yw7kOjh.sys'
- NtProtectVirtualMemory, handler: unknown
- NtCreateThread, handler: unknown
- %TEMP%\yw7kOjh.sys
- <Current directory>\AutoRunApp.vbs
- %TEMP%\yw7kOjh.sys
- <Current directory>\AutoRunApp.vbs
- <Full path to file>
- %TEMP%\yw7kOjh.sys
- '11#.#84.85.198':9519
- '<SYSTEM32>\wscript.exe' "<Current directory>\AutoRunApp.vbs"