Technical Information
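- [<HKCU>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'shell' = '%TEMP%\IOaL3HY3\4XgAq0my.exe' (persistence: the Winlogon 'shell' value names the program started at user logon, normally explorer.exe; a per-user value pointing into %TEMP% is not a normal configuration)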
- %WINDIR%\microsoft.net\framework\v2.0.50727\regasm.exe
- %APPDATA%\6nnmvkrjj5.exe
- %TEMP%\ioal3hy3\4xgaq0my.exe
- %TEMP%\ussd.vbs
- %APPDATA%\36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee\run.dat
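- 'by##ply.eu':1614 (outbound connection to this host on port 1614; the '##' appears to mask part of the domain name, so the full name cannot be recovered from this page)
- DNS ASK by##ply.eu (DNS query for the same host)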
- '%APPDATA%\6nnmvkrjj5.exe'
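- '%WINDIR%\syswow64\wscript.exe' "%TEMP%\USsD.vbs" (runs the script listed above as %TEMP%\ussd.vbs through the 32-bit Windows Script Host; Windows paths are case-insensitive by default, so both spellings refer to the same file)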
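- '%WINDIR%\microsoft.net\framework\v2.0.50727\regasm.exe' (regasm.exe is the legitimate .NET Framework Assembly Registration Tool; the page does not say why the sample starts it, so its parent process and command line are worth checking)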