Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\AudioSrv] 'Start' = '00000002'
- <SYSTEM32>\51E92691.rdb
- <SYSTEM32>\xjkswopfxm
- <Current directory>\vuouylsrh
- %TEMP%\tevprlldtm.dat
- <SYSTEM32>\xjkswopfxm
- <SYSTEM32>\config\SysEvent.Evt
- <SYSTEM32>\config\SecEvent.Evt
- <Current directory>\vuouylsrh
- <SYSTEM32>\config\AppEvent.Evt
- from %TEMP%\tevprlldtm.dat to <SYSTEM32>\fbdgb.biz
- from <Full path to virus> to <Current directory>\bmcwbokt
- 'wd###e.3322.org':25712
- DNS ASK wd###e.3322.org