Technical Information
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'Xefqgu puxlbmvx' = '%ProgramFiles(x86)%\Microsoft Atwnqk\Bzmigix.exe'
- %ProgramFiles(x86)%\microsoft atwnqk\bzmigix.exe
- C:\5014.vbs
- '13#.#29.98.11':2015
- '%ProgramFiles(x86)%\microsoft atwnqk\bzmigix.exe'
- '%WINDIR%\syswow64\wscript.exe' "C:\5014.vbs"
- '%WINDIR%\syswow64\wscript.exe' "C:\5014.vbs"' (with hidden window)