Technical Information
- Autorun registry value (per-user Run key, launched at logon): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'KnHrURhkESinsQvKOLIU' = '%TEMP%\HTZmAYsKPZneAkqOJjso.exe'
- Startup-folder entry (also launched at logon): %HOMEPATH%\Start Menu\Programs\Startup\ddd.exe
- '<SYSTEM32>\svchost.exe'
- '%TEMP%\aa.exe' "%TEMP%\aa.au3"
- <SYSTEM32>\svchost.exe
- %TEMP%\aut3.tmp
- %TEMP%\runess.au3
- %TEMP%\HTZmAYsKPZneAkqOJjso.exe
- %TEMP%\aa.au3
- %TEMP%\aut1.tmp
- %TEMP%\aa.exe
- %TEMP%\aut2.tmp
- %TEMP%\aut3.tmp
- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp
- 'no#####9999.no-ip.boz':1604
- DNS query for no#####9999.no-ip.boz