Technical Information
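- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'HBService32' = 'System.exe'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows] 'AppInit_DLLs' = ''
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows] 'AppInit_DLLs' = 'HBmhly.dll'
  (Registry values, all in the 32-bit Wow6432Node view. The Run value starts System.exe at logon. AppInit_DLLs is listed first as empty and then as HBmhly.dll; a DLL named there is loaded into 32-bit processes that load user32.dll. AppInit_DLLs only takes effect when LoadAppInit_DLLs is enabled, and Windows disables it when Secure Boot is on.)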
- ClassName: 'AskTao', WindowName: ''
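- %WINDIR%\syswow64\hbmhly.dll
- %WINDIR%\syswow64\system.exe
- %TEMP%\selfdel.bat
  (File paths associated with the sample; the section heading is missing in this copy. The DLL and executable match the names written to the registry values above, and the batch file is the one passed to cmd.exe below. A system.exe under syswow64 is not a file Windows normally ships there.)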
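- '%WINDIR%\syswow64\system.exe'
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\SelfDel.bat" "' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\SelfDel.bat" "
  (Process launches. The two cmd.exe entries carry the same command line, one of them recorded with a hidden window. The script name suggests it deletes the original file after installation, but the listing does not state this.)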