Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\kbwjc.com.url
- %WINDIR%\syswow64\svchost.exe
- %APPDATA%\folder\file.exe
- %TEMP%\aut4692.tmp
- %LOCALAPPDATA%\tempwszjd.sz
- %APPDATA%\folder\file.exe
- %LOCALAPPDATA%\tempwszjd.sz
- %TEMP%\aut4692.tmp
- 'am###s.ddns.net':1604
- DNS ASK am###s.ddns.net
- '%WINDIR%\syswow64\svchost.exe'