Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\MDM] 'Start' = '00000002' (a Start value of 2 marks the MDM service as auto-start, so it is launched at every boot)
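- '<SYSTEM32>\wbem\instsrv.exe' MDM <SYSTEM32>\wbem\srvany.exe (registers a service named MDM whose binary is srvany.exe; instsrv.exe and srvany.exe are Windows Resource Kit utilities, run here from the wbem directory)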
- '<SYSTEM32>\wbem\srvany.exe'
- '%WINDIR%\Temp\xw_setup.exe'
- '<SYSTEM32>\wbem\mdm.exe'
- '<SYSTEM32>\sc.exe' failure MDM reset= 1 actions= restart/1 (sets the service's recovery action so that it is restarted after a failure)
- '<SYSTEM32>\sc.exe' start MDM
- '<SYSTEM32>\cmd.exe' /c %WINDIR%\Temp\DelUS.bat
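- '<SYSTEM32>\reg.exe' add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MDM\Parameters" /v Application /t REG_SZ /d <SYSTEM32>\wbem\mdm.exe /f (srvany.exe reads the Application value to decide which program to run, so the MDM service launches mdm.exe)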
- <SYSTEM32>\wbem\mdm.exe
- %WINDIR%\Temp\DelUS.bat
- %WINDIR%\Temp\xw_setup.exe
- <SYSTEM32>\wbem\instsrv.exe
- <SYSTEM32>\wbem\srvany.exe
- %WINDIR%\Temp\xw_setup.exe
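- '11#.#0.171.19':30308 (address reproduced as published; the '#' characters appear to mask digits, so it cannot be used as an exact-match indicator)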
- ClassName: 'AutoHotkey' WindowName: '<Full path to virus>'