Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'h79SSlBko' = '%TEMP%\USB Security.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'hDZrmXxrD' = '%ALLUSERSPROFILE%\USB Scan Virus.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'wW6lDa3Sc' = '%APPDATA%\USB Security.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'eQRpoayuO' = '%HOMEPATH%\USB Scan Virus.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'gyP7GzfB9' = '%WINDIR%\USB Security.exe'
- %TEMP%\USB Security.exe
- %ALLUSERSPROFILE%\USB Scan Virus.exe
- %APPDATA%\USB Security.exe
- %HOMEPATH%\USB Scan Virus.exe
- %WINDIR%\USB Security.exe
- %TEMP%\USB Security.exe
- %ALLUSERSPROFILE%\USB Scan Virus.exe
- %APPDATA%\USB Security.exe
- %HOMEPATH%\USB Scan Virus.exe
- %WINDIR%\USB Security.exe
- 'wp#d':80
- 'pa###bin.com':443
- http://11#.#11.111.1/wpad.dat via wp#d
- DNS ASK wp#d
- DNS ASK pa###bin.com
- '%TEMP%\USB Security.exe'
- '%ALLUSERSPROFILE%\USB Scan Virus.exe'
- '%APPDATA%\USB Security.exe'
- '%HOMEPATH%\USB Scan Virus.exe'
- '%WINDIR%\USB Security.exe'