Technical Information
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] 'ufwzozxwhi' = '%APPDATA%\cappkkwxuw\jxikdnmrol.exe'
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] 'rcwjddeygf' = '<Full path to file>'
- %WINDIR%\syswow64\notepad.exe
- %APPDATA%\cappkkwxuw\jxikdnmrol.exe
- %APPDATA%\cappkkwxuw\pnlmrrmptc1702074900_21237.bin
- %ALLUSERSPROFILE%\winsvchosts\logs.dat
- 'cf##mx.co':80
- 'fa####t.ddns.net':9782
- http://cf##mx.co/download/readme.txt
- DNS ASK cf##mx.co
- DNS ASK fa####t.ddns.net
- '%WINDIR%\syswow64\notepad.exe'