Technical Information
- Autorun persistence (per-user RunOnce registry value pointing at an executable under %APPDATA%): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'kQZXNwzLWR' = '%APPDATA%\oWYJiMsKDB\LcMiATJbPy.exe'
- %WINDIR%\syswow64\explorer.exe
- %APPDATA%\owyjimskdb\lcmiatjbpy.exe
- %TEMP%\user2.txt
- %APPDATA%\2b7eb54f\ak.tmp
- %TEMP%\user7
- %TEMP%\user8
- %TEMP%\user2.txt
- %TEMP%\user7
- %TEMP%\user8
- %TEMP%\user7
- %TEMP%\user8
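- Network connection to host and port (hostname partially masked in the source; no-ip.org is a dynamic DNS domain): 'as###.no-ip.org':25565
- DNS query (DNS ASK): as###.no-ip.org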
- ClassName: 'shell_traywnd' WindowName: ''
- '%WINDIR%\syswow64\explorer.exe'