Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'tworun' = '%WINDIR%\zh-CN\buntj3.exe'
- %TEMP%\aut1.tmp
- %TEMP%\2848ceeggas
- %TEMP%\aut1.tmp
- %TEMP%\2848ceeggas
- <Full path to file>
- '<SYSTEM32>\cmd.exe' /c ping 127.0.0.1 -n 0&del /q "<Full path to file>"
- '<SYSTEM32>\ping.exe' 127.0.0.1 -n 0