Technical Information
- Registry autorun entry (persistence; runs at user logon): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'valery' = '%LOCALAPPDATA%\dllsrc\authlogin.exe'
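- Files on disk associated with the sample (wscript.vbs and maple18.vbs are listed twice; the command lines further down include a `del` for each of them):
- %ALLUSERSPROFILE%\maple18dat.vbs
- %LOCALAPPDATA%\dllsrc\authlogin.exe
- %ALLUSERSPROFILE%\wscript.vbs
- %ALLUSERSPROFILE%\maple18.vbs
- %ALLUSERSPROFILE%\wscript.vbs
- %ALLUSERSPROFILE%\maple18.vbs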
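- Network activity: DNS query (ASK) for wo######er-60484.portmap.io (hostname partially masked in the source; a subdomain of the portmap.io port-forwarding service)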
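- Processes launched (command lines as recorded; all use the 32-bit binaries under %WINDIR%\syswow64):
- '%WINDIR%\syswow64\wscript.exe' "%ALLUSERSPROFILE%\Maple18DAT.vbs"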
- '%WINDIR%\syswow64\wscript.exe' "%ALLUSERSPROFILE%\wscript.vbs"
- '%WINDIR%\syswow64\wscript.exe' "%ALLUSERSPROFILE%\maple18.vbs"
- '%WINDIR%\syswow64\cmd.exe' /c mkdir %LOCALAPPDATA%\dllsrc
- '%WINDIR%\syswow64\cmd.exe' /c "%ALLUSERSPROFILE%\Maple18DAT.vbs"
- '%WINDIR%\syswow64\cmd.exe' /c %ALLUSERSPROFILE%\wscript.vbs
- '%WINDIR%\syswow64\cmd.exe' /c del %ALLUSERSPROFILE%\wscript.vbs
- '%WINDIR%\syswow64\cmd.exe' /c cls
- '%WINDIR%\syswow64\cmd.exe' /c start %ALLUSERSPROFILE%\maple18.vbs
- '%WINDIR%\syswow64\cmd.exe' /c del %ALLUSERSPROFILE%\maple18.vbs