Technical Information
- [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '系统升级支持' = '<Full path to file>\<File name>.exe'
- %TEMP%\mz_etilqs_8z68rl8rcnrtbp5
- %TEMP%\mz_etilqs_rjm1yfosnrqtbl6
- %TEMP%\mz_etilqs_rxnbfhhjveq63pz
- <Full path to file>
- 'jm##z.xyz':14998
- '34.##0.144.191':443
- DNS ASK jm##z.xyz
- DNS ASK fe########alog-cdn.prod.mozaws.net