Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'rvbj' = '%APPDATA%\ugqmwpe\cjethwatwthis.exe "%TEMP%\dsvkyzz.exe" %HOMEPATH%\AppData\Loca�'
- dsvkyzz.exe
- %TEMP%\nsl4f58.tmp
- %TEMP%\mcbiom.sb
- %TEMP%\hmiamglvx.jr
- %TEMP%\dsvkyzz.exe
- %APPDATA%\ugqmwpe\cjethwatwthis.exe
- 'ch####p.dyndns.org':80
- http://ch####p.dyndns.org/
- DNS ASK ch####p.dyndns.org
- '%TEMP%\dsvkyzz.exe' %TEMP%\hmiamglvx.jr
- '%TEMP%\dsvkyzz.exe'