Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Fytdej' = '"%APPDATA%\Mrijvy\Fytdej.exe"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '<File name>' = '"%APPDATA%\<File name>.exe"'
- %APPDATA%\microsoft\windows\start menu\programs\startup\<File name>.vbs
- <SYSTEM32>\tasks\defau
- %APPDATA%\mrijvy\fytdej.exe
- %APPDATA%\<File name>.exe
- '19#.#23.44.138':80
- '19#.#.98.178':1337
- '19#.#.98.178':3389
- http://19#.#23.44.138/loader/uploads/pmlatest_Uxdtsmag.png
- '<SYSTEM32>\cmd.exe' /c timeout 20' (with hidden window)
- '<SYSTEM32>\schtasks.exe' /create /f /sc minute /mo 5 /tn Defau /tr "powershell -ExecutionPolicy Bypass -WindowStyle Hidden -NoExit -Command [System.Reflection.Assembly]::Load((Get-ItemProperty HKCU:\Software\Defau\).De...' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c timeout 20
- '<SYSTEM32>\timeout.exe' 20
- '<SYSTEM32>\schtasks.exe' /create /f /sc minute /mo 5 /tn Defau /tr "powershell -ExecutionPolicy Bypass -WindowStyle Hidden -NoExit -Command [System.Reflection.Assembly]::Load((Get-ItemProperty HKCU:\Software\Defau\).De...