Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Vwxyab' = '%WINDIR%\aaaaaa.exe'
- %WINDIR%\pchjco.exe
- %WINDIR%\nannaa.exe
- %WINDIR%\wwmiwy.exe
- %WINDIR%\uusmuk.exe
- %WINDIR%\kkwgks.exe
- %WINDIR%\boxlou.exe
- %WINDIR%\vipxie.exe
- %WINDIR%\aaaaaa.exe
- '10#.#6.79.12':2017
- '%WINDIR%\pchjco.exe'
- '%WINDIR%\nannaa.exe'
- '%WINDIR%\wwmiwy.exe'
- '%WINDIR%\uusmuk.exe'
- '%WINDIR%\kkwgks.exe'
- '%WINDIR%\boxlou.exe'
- '%WINDIR%\vipxie.exe'
- '%WINDIR%\aaaaaa.exe'
- '<SYSTEM32>\cmd.exe' /c del <Full path to file> > nul
- '<SYSTEM32>\cmd.exe' /c del %WINDIR%\pchjco.exe > nul
- '<SYSTEM32>\cmd.exe' /c del %WINDIR%\nannaa.exe > nul
- '<SYSTEM32>\cmd.exe' /c del %WINDIR%\wwmiwy.exe > nul
- '<SYSTEM32>\cmd.exe' /c del %WINDIR%\uusmuk.exe > nul
- '<SYSTEM32>\cmd.exe' /c del %WINDIR%\kkwgks.exe > nul
- '<SYSTEM32>\cmd.exe' /c del %WINDIR%\boxlou.exe > nul
- '<SYSTEM32>\cmd.exe' /c del %WINDIR%\vipxie.exe > nul