Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'sclhqavfbktp' = '%APPDATA%\bkgp\lueajsox.exe "%TEMP%\xnvla.exe" %TEMP%\hav�'
- xnvla.exe
- firefox.exe
- %TEMP%\nsk4b33.tmp
- %TEMP%\qpfiwxekg.d
- %TEMP%\havuzgqv.f
- %TEMP%\xnvla.exe
- %APPDATA%\bkgp\lueajsox.exe
- 'ch####p.dyndns.org':80
- http://ch####p.dyndns.org/
- DNS ASK ch####p.dyndns.org
- '%TEMP%\xnvla.exe' %TEMP%\havuzgqv.f
- '%TEMP%\xnvla.exe'