Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'vzwqvpxo' = '"%HOMEPATH%\moozkb.exe"'
- <SYSTEM32>\svchost.exe
- %HOMEPATH%\moozkb.exe
- %TEMP%\uwoqpby.exe
- <Full path to file>
- %TEMP%\uwoqpby.exe
- '10#.#48.137.133':465
- '%HOMEPATH%\moozkb.exe' /d"<Full path to file>"
- '<SYSTEM32>\svchost.exe'