Technical Information
- [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'bbCFacc' = '%ALLUSERSPROFILE%\bbabcde\Autoit3.exe %ALLUSERSPROFILE%\bbabcde\deheckb.a3x'
- %WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe
- C:\temp\autoit3.exe
- C:\temp\script.a3x
- C:\temp\test.txt
- %APPDATA%\bbcfacc
- C:\temp\cebfcdg
- %ALLUSERSPROFILE%\bbabcde\deheckb.a3x
- %ALLUSERSPROFILE%\bbabcde\autoit3.exe
- %ALLUSERSPROFILE%\bbabcde\test.txt
- C:\temp\deeeaah
- C:\temp\ahhcbfe
- %ALLUSERSPROFILE%\bbabcde\heaeddf
- C:\temp\deeeaah
- C:\temp\cebfcdg
- C:\temp\ahhcbfe
- C:\temp\deeeaah
- C:\temp\ahhcbfe
- 'af#####8jfadafdkfad.com':80
- http://af#####8jfadafdkfad.com/
- DNS ASK af#####8jfadafdkfad.com
- 'C:\temp\autoit3.exe' c:\temp\script.a3x
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' ' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe'