Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'MASUxO' = '<LS_APPDATA>\MASUxO\MASUxORE.vbs'
- %WINDIR%\syswow64\regsvr32.exe
- %APPDATA%\masuxofai.exe
- %APPDATA%\masuxo.bmp
- %HOMEPATH%\twitter\masuxo.dat
- %HOMEPATH%\micro\masuxofrt.exe
- %HOMEPATH%\twitter\masuxo.bmp
- <LS_APPDATA>\masuxo\masuxose.bat
- <LS_APPDATA>\masuxo\masuxore.vbs
- %APPDATA%\remcos\logs.dat
- %HOMEPATH%\twitter\masuxo.dat
- DNS ASK su###ti.ddns.me
- DNS ASK 88####s.duckdns.org
- ClassName: 'EDIT' WindowName: ''
- '%APPDATA%\masuxofai.exe'
- '%WINDIR%\syswow64\regsvr32.exe'