Technical Information
- [<HKCU>\software\microsoft\windows\currentversion\run] 'asodakaossd' = '<SYSTEM32>\cmd.exe /c start %APPDATA%\aiasfacoafiasksf.vbs exit'
- [<HKLM>\software\microsoft\windows\currentversion\run] 'asodakaossd' = '<SYSTEM32>\cmd.exe /c start %APPDATA%\aiasfacoafiasksf.vbs exit'
- %APPDATA%\microsoft\windows\start menu\programs\startup\asodakaossd.lnk
- %APPDATA%\aiasfacoafiasksf.vbs
- '<SYSTEM32>\cmd.exe' /c timeout 3&ren A:\cfsdaacdfawd\*.vbs *.vbss&exit' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c timeout 3&ren <Drive name for removable media>:\cfsdaacdfawd\*.vbs *.vbss&exit' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c timeout 3&ren A:\cfsdaacdfawd\*.vbs *.vbss&exit
- '<SYSTEM32>\cmd.exe' /c timeout 3&ren <Drive name for removable media>:\cfsdaacdfawd\*.vbs *.vbss&exit
- '<SYSTEM32>\timeout.exe' 3