Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\bitb857.tmp
- %WINDIR%\syswow64\svchost.exe
- %APPDATA%\bitae67.tmp
- %APPDATA%\vcmnc.lnk
- %TEMP%\tmp.tmp
- %APPDATA%\bitae67.tmp
- %APPDATA%\microsoft\windows\start menu\programs\startup\bitb857.tmp
- %APPDATA%\vcmnc.lnk
- from %APPDATA%\bitae67.tmp to %APPDATA%\vcmnc.exe
- 'zl#####rta.duckdns.org':6033
- DNS ASK zl#####rta.duckdns.org
- '%WINDIR%\syswow64\svchost.exe'