Technical Information
- [<HKLM>\System\CurrentControlSet\Services\AOWBP1] 'ImagePath' = 'C:\AOWBP.sys'
- <Current directory>\mbppknzxtm3boj.exe
- <Current directory>\mbppknzxtm3boj.exe_encrypted
- <Current directory>\constructor.dll
- <Current directory>\constructor.dll_encrypted
- C:\aowbp.sys
- C:\aowbp.sys_encrypted
- %WINDIR%\temp\udd226e.tmp
- <Current directory>\mbppknzxtm3boj.exe
- <Current directory>\constructor.dll
- C:\aowbp.sys
- %WINDIR%\temp\udd226e.tmp
- <Current directory>\mbppknzxtm3boj.exe
- <Current directory>\constructor.dll
- C:\aowbp.sys
- http://pu###.vnhax.com/loader.encrypted.bin
- http://pu###.vnhax.com/loader-version
- http://pu###.vnhax.com/corona2.bin
- DNS ASK pu###.vnhax.com
- '<Current directory>\mbppknzxtm3boj.exe'