Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'a7208067' = '%PROGRAMDATA%\Intel\Wireless\08062a6\551c327.exe %PROGRAMDATA%\Intel\Wireless\08062a6\4b7a517.au3'
- 'C:\khivxmop\hodospve.exe' vmtxabra.au3
- %WINDIR%\syswow64\notepad.exe
- C:\khivxmop\hodospve.exe
- C:\khivxmop\pe.bin
- C:\khivxmop\vmtxabra.au3
- %TEMP%\torrent.txt
- %PROGRAMDATA%\intel\wireless\08062a6\4b7a517.au3
- %PROGRAMDATA%\intel\wireless\08062a6\551c327.exe
- %PROGRAMDATA%\intel\wireless\08062a6\pe.bin
- %PROGRAMDATA%\intel\wireless\08062a6\7325402\6335165
- %TEMP%\torrent.txt
- C:\khivxmop\vmtxabra.au3
- C:\khivxmop\hodospve.exe
- C:\khivxmop\pe.bin
- DNS ASK me####orrentt.org
- DNS ASK bc.####usercontent.nl
- 'C:\khivxmop\hodospve.exe' vmtxabra.au3' (with hidden window)
- '%WINDIR%\syswow64\notepad.exe' ' (with hidden window)
- '%WINDIR%\syswow64\notepad.exe'