Technical Information
- %HOMEPATH%\Start Menu\Programs\Startup\jZkCYNmRZW.exe.LNK
- %HOMEPATH%\Start Menu\Programs\Startup\kkhVqpdqeY.exe.LNK
- %HOMEPATH%\Start Menu\Programs\Startup\JtslDsGSHN.exe.LNK
- User Account Control (UAC)
- '%TEMP%\dmpHYfPMpf.exe' /nogui %TEMP%\MHGkY BJdp.txt
- '%TEMP%\dmpHYfPMpf.exe' (downloaded from the Internet)
- '<SYSTEM32>\cmd.exe' /c %TEMP%\dmpHYfPMpf.exe /nogui %TEMP%\MHGkY BJdp.txt
- '<SYSTEM32>\regsvr32.exe' /s <SYSTEM32>\add-ons.ocx
- %TEMP%\jZkCYNmRZW.exe
- %TEMP%\MHGkY BJdp.txt
- %TEMP%\dmpHYfPMpf.exe
- <SYSTEM32>\add-ons.ocx
- %TEMP%\kkhVqpdqeY.exe
- %WINDIR%\JtslDsGSHN.exe
- '19#.#95.193.51':80
- 'www.dr##box.com':443
- http://19#.#95.193.51/Daniel/Aviso/19-05/Flash.exe
- http://19#.#95.193.51/Daniel/Aviso/19-05/inf.php
- DNS ASK www.dr##box.com