Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'jcnj' = '%APPDATA%\ykrfsuql\mfygwa.exe "%TEMP%\mohtujw.exe" %LOCALAPPDATA%\Temp…'
- mohtujw.exe
- %TEMP%\nss8057.tmp
- %TEMP%\oiksudydqeq.ge
- %TEMP%\fvkiar.me
- %TEMP%\mohtujw.exe
- %APPDATA%\ykrfsuql\mfygwa.exe
- %ALLUSERSPROFILE%\remcos\logs.dat
- 'dr####oz1.ddns.net':1307
- 'ge###ugin.net':80
- http://ge###ugin.net/json.gp
- 'dr####oz1.ddns.net':1307
- DNS ASK dr####oz1.ddns.net
- DNS ASK ge###ugin.net
- '%TEMP%\mohtujw.exe' %TEMP%\fvkiar.me