Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\mipzqcrrmfag.lnk
- %WINDIR%\microsoft.net\framework\v4.0.30319\regsvcs.exe
- %TEMP%\aut8bb7.tmp
- <Current directory>\sacb1
- <Current directory>\sacb.exe
- %TEMP%\aut8c83.tmp
- <Current directory>\fzjhx
- %APPDATA%\sacb.exe
- %APPDATA%\fzjhx
- %TEMP%\ixp000.tmp\ledimg~1.exe
- %TEMP%\autbc2e.tmp
- %TEMP%\ixp000.tmp\chuy1
- %TEMP%\ixp000.tmp\chuy.exe
- %TEMP%\autbd57.tmp
- %TEMP%\ixp000.tmp\wvcfb
- %APPDATA%\chuy.exe
- %APPDATA%\wvcfb
- %HOMEPATH%\na7d1x3kwcpse4y0\chuy.exe
- %HOMEPATH%\na7d1x3kwcpse4y0\wvcfb
- %TEMP%\aut8bb7.tmp
- %TEMP%\aut8c83.tmp
- %TEMP%\autbc2e.tmp
- %TEMP%\autbd57.tmp
- %TEMP%\ixp000.tmp\ledimg~1.exe
- %TEMP%\ixp000.tmp\chuy.exe
- %TEMP%\ixp000.tmp\chuy1
- %TEMP%\ixp000.tmp\wvcfb
- from %APPDATA%\wvcfb to %HOMEPATH%\na7d1x3kwcpse4y0\wvcfb
- from %APPDATA%\chuy.exe to %HOMEPATH%\na7d1x3kwcpse4y0\chuy.exe
- 'le####el.ddns.net':49200
- DNS ASK le####el.ddns.net
- '%APPDATA%\sacb.exe' "%APPDATA%\fZJHX"
- '%TEMP%\ixp000.tmp\ledimg~1.exe'
- '%APPDATA%\chuy.exe' "%APPDATA%\WVCfB"
- '%TEMP%\ixp000.tmp\ledimg~1.exe' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v4.0.30319\regsvcs.exe'