Technical Information
- Registry autorun entry (persistence at user logon): [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'yourmumgay' = '%APPDATA%\toobad.exe'
Startup-folder entries (launched at user logon):
- %HOMEPATH%\start menu\programs\startup\toobad1.exe
- %HOMEPATH%\start menu\programs\startup\toobad4.vbs
- %HOMEPATH%\start menu\programs\startup\toobad3.js
- %HOMEPATH%\start menu\programs\startup\toobad2.url
- %APPDATA%\toobad.exe
- <Full path to file>
- %APPDATA%\toobad.exe
Network activity (characters shown as # are masked in this report):
- '88.##7.107.162':9000
- '<LOCALNET>.1.7':9000
- DNS ASK bu#####ware.ddns.net
- '%APPDATA%\toobad.exe'
- '<SYSTEM32>\schtasks.exe' /create /sc minute /mo 30 /tn "yourmumbad" /tr "%APPDATA%\toobad.exe" (with hidden window) — creates a scheduled task named "yourmumbad" that runs %APPDATA%\toobad.exe every 30 minutes
- '<SYSTEM32>\schtasks.exe' /create /sc minute /mo 30 /tn "yourmumbad" /tr "%APPDATA%\toobad.exe"