Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,"%LOCALAPPDATA%\VB4YvNQtwV\FN50d6t3AE.exe" -s'
- %TEMP%\9f6cb30d-625b-4ee5-9f8a-26e27dab17a7\agiledotnetrt64.dll
- %TEMP%\gbb.exe
- <Current directory>\bndf.exe
- %LOCALAPPDATA%\vb4yvnqtwv\fn50d6t3ae.exe
- 'ps##.#uckdns.org':5333
- DNS ASK ps##.#uckdns.org
- '%TEMP%\gbb.exe'
- '<Current directory>\bndf.exe'