Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] '6r8i36y6rfd59m' = '%HOMEPATH%\6r8i36y6rfd59m\80679.vbs'
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
- %HOMEPATH%\6r8i36y6rfd59m\ndkqHUmUeGyf.WUH
- %HOMEPATH%\6r8i36y6rfd59m\83108.cmd
- %HOMEPATH%\6r8i36y6rfd59m\80679.vbs
- %HOMEPATH%\6r8i36y6rfd59m\KGqwqyYJEpI.ZCX
- %HOMEPATH%\6r8i36y6rfd59m\kVxCAI.exe
- %HOMEPATH%\6r8i36y6rfd59m\APHmhP.YHU
- %HOMEPATH%\6r8i36y6rfd59m\ndkqHUmUeGyf.WUH
- %HOMEPATH%\6r8i36y6rfd59m\80679.vbs
- %HOMEPATH%\6r8i36y6rfd59m\83108.cmd
- %HOMEPATH%\6r8i36y6rfd59m\KGqwqyYJEpI.ZCX
- %HOMEPATH%\6r8i36y6rfd59m\kVxCAI.exe
- %HOMEPATH%\6r8i36y6rfd59m\APHmhP.YHU
- 'ma###volume.net':3333
- DNS ASK ma###volume.net
- ClassName: 'EDIT' WindowName: ''
- '%HOMEPATH%\6r8i36y6rfd59m\kVxCAI.exe' APHmhP.YHU
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe'