Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Java' = '%TEMP%\svñîst\svñîst.exe'
- [<HKLM>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'UserInit' = '<SYSTEM32>\userinit.exe,%TEMP%\svñîst\svñîst.exe'
- %TEMP%\rarsfx0\info.bat
- %TEMP%\rarsfx0\superb.sfx.exe
- %TEMP%\rarsfx1\hets.exe
- %TEMP%\svñîst\svñîst.exe
- %TEMP%\rarsfx0\info.bat
- %TEMP%\rarsfx0\superb.sfx.exe
- 'vz#####758909.ddns.net':1604
- DNS ASK vz#####758909.ddns.net
- ClassName: 'EDIT' WindowName: ''
- '%TEMP%\rarsfx0\superb.sfx.exe' -p12345 -d%LOCALAPPDATA%\Temp
- '%TEMP%\rarsfx1\hets.exe'
- '%TEMP%\svñîst\svñîst.exe'
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\RarSFX0\info.bat" "