Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ZzHUSAAXvF' = 'C:\Users\Public\ZzHUSAAXvF.vbs'
- %APPDATA%\bidispl\securityhealthservice.bat
- %APPDATA%\screenshots\time_20190805_230829.png
- %APPDATA%\remcos\logs.dat
- 'ja#####2.bounceme.net':3103
- DNS ASK ja#####2.bounceme.net