Technical Information
- %WINDIR%\tasks\bjwmvk.job
- <SYSTEM32>\tasks\bjwmvk
- %WINDIR%\tasks\aqwekqwekqwekqwekqw.job
- <SYSTEM32>\tasks\aqwekqwekqwekqwekqw
- %PROGRAMDATA%\muem\bjwmvk.exe
- %WINDIR%\temp\oucio.exe
- http://dg####stat14tp.xyz/socks777.exe
- DNS ASK mx###gs19.xyz
- DNS ASK dg####stat14tp.xyz
- '%PROGRAMDATA%\muem\bjwmvk.exe' start
- '%PROGRAMDATA%\muem\bjwmvk.exe' start (with hidden window)