Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'mdbiteooz.exe' = '%WINDIR%\WindowsUpdata\mdbiteooz.exe'
- User Account Control (UAC)
- %WINDIR%\WindowsUpdata\mdbiteooz.exe
- <Full path to file>
- '88###6.iok.la':2445
- DNS ASK 88###6.iok.la
- '%WINDIR%\WindowsUpdata\mdbiteooz.exe'
- '<SYSTEM32>\cmd.exe' /c del <Full path to file> > nul