Technical Information
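- %HOMEPATH%\Start Menu\Programs\Startup\iHYbYiJXFaNY.lnk (a shortcut in the user's Startup folder; items placed there are launched at logon, so this entry is a persistence artifact to check for and remove)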
- '<SYSTEM32>\svchost.exe'
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe'
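- '%APPDATA%\POda.exe' "%APPDATA%\bEAGY" (a command line: POda.exe is started with the bEAGY file as its argument, so both files are needed for the launch and both should be collected as indicators)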
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\svchost.exe
- <Current directory>\bEAGY
- %APPDATA%\POda.exe
- %APPDATA%\bEAGY
- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp
- <Current directory>\POda1
- <Current directory>\POda.exe
- %HOMEPATH%\AZazfUzV90bLDL7j\POda.exe
- %HOMEPATH%\AZazfUzV90bLDL7j\bEAGY
- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp
- from %APPDATA%\POda.exe to %HOMEPATH%\AZazfUzV90bLDL7j\POda.exe
- from %APPDATA%\bEAGY to %HOMEPATH%\AZazfUzV90bLDL7j\bEAGY