Technical Information
- Registry Run value (launched at user logon): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'BDAAMXTuuFovUAfQBDse' = '%TEMP%\HbHqWCTJfmUwgmWOBqRL.vbs'
- %WINDIR%\syswow64\svchost.exe
- %TEMP%\hbhqwctjfmuwgmwobqrl.vbs
- %TEMP%\aut94df.tmp
- %TEMP%\aa.exe
- %TEMP%\aut956c.tmp
- %TEMP%\zlunfkvhmtzxyplcltxy.au3
- %TEMP%\aut95ea.tmp
- %TEMP%\runess.au3
- %TEMP%\runess.au3
- %TEMP%\zlunfkvhmtzxyplcltxy.au3
- %TEMP%\hbhqwctjfmuwgmwobqrl.vbs
- %TEMP%\aa.exe
- %TEMP%\aut94df.tmp
- %TEMP%\aut956c.tmp
- %TEMP%\aut95ea.tmp
- DNS query: mo###.ddns.net (the '#' characters mask part of the hostname in this report; they are not part of the name)
- '%WINDIR%\syswow64\wscript.exe' "%TEMP%\HbHqWCTJfmUwgmWOBqRL.vbs"
- '%TEMP%\aa.exe' %TEMP%\ZLUnFKvhMtzXypLcLTxy.au3
- '%WINDIR%\syswow64\svchost.exe'