Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\gnxggxh.lnk
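- %WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe (this is also the standard location of a legitimate .NET Framework 2.0 tool, so the path alone is not a reliable indicator; the listing does not say whether the file there was modified)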
- %TEMP%\rarsfx0\cjvbchp.exe
- %TEMP%\rarsfx0\aarvzwjrynjuog
- %APPDATA%\ntuughrjxj\8401.xml
- %APPDATA%\ntuughrjxj\aarvzwjrynjuog
- %APPDATA%\3a0b0610\0160b0a3k
- from %APPDATA%\ntuughrjxj\8401.xml to %APPDATA%\ntuughrjxj\rvbchppicvk.exe (the file is relocated and ends up with an .exe extension instead of .xml)
- 'pa####s.mooo.com':9000 (host:port; the host name is partially masked with '#' in this listing)
- DNS query: pa####s.mooo.com
- ClassName: 'EDIT' WindowName: ''
- ClassName: 'NDDEAgnt' WindowName: 'NetDDE Agent'
- ClassName: 'IEFrame' WindowName: ''
- '%TEMP%\rarsfx0\cjvbchp.exe'
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe'