Technical Information
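Autorun — the Winlogon 'Shell' value lists a second executable in %APPDATA% after explorer.exe, so it is started at user logon:
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'explorer.exe ,%APPDATA%\<File name>.exe'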
- %WINDIR%\syswow64\svchost.exe
- %TEMP%\mic.vbs
- %APPDATA%\<File name>.exe
- %TEMP%\mic.vbs
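Network activity — endpoint (host:port) and DNS query; the host is a no-ip.biz dynamic-DNS name, partly masked here:
- 'qw#####uck.no-ip.biz':1604
- DNS ASK qw#####uck.no-ip.biz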
Process activity — wscript.exe is invoked with the script %TEMP%\mic.vbs as its argument:
- '%WINDIR%\syswow64\wscript.exe' "%TEMP%\mic.vbs"
- '%WINDIR%\syswow64\cmd.exe'
- '%WINDIR%\syswow64\svchost.exe'