Technical Information
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'IJJW382U11I1KDEUNX' = '<Current directory>\DUIERER8EJEOAD.EXE'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'SelfRunDemo' = '<Current directory>\DUIERER8EJEOAD.EXE'
- User Account Control (UAC)
- <Current directory>\duierer8ejeoad.exe
- 'im##vip.com':3333
- DNS ASK gm#.#hnlab.com
- DNS ASK im##vip.com
- '<Current directory>\duierer8ejeoad.exe'
- '%WINDIR%\syswow64\cmd.exe' /c del "<Current directory>\DUIERER8EJEOAD.EXE" (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del "<Full path to file>" (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del "<Current directory>\DUIERER8EJEOAD.EXE"
- '%WINDIR%\syswow64\cmd.exe' /c del "<Full path to file>"