Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '' = '<SYSTEM32>\zmhpmg.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Wxyabc Efghijkl Nop] 'Start' = '00000002'
- '<SYSTEM32>\zmhpmg.exe'
- '<SYSTEM32>\wscript.exe' "C:\4429.vbs"
- C:\4429.vbs
- <SYSTEM32>\zmhpmg.exe
- C:\4429.vbs
- 'cl####aq.f3322.net':2014
- DNS ASK cl####aq.f3322.net