Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'ktpyienw' = '%APPDATA%\ueajsoxhclhq\avfo.exe "%TEMP%\sqpkcvtxy.exe" %LOCALAPPDATA%\�'
- sqpkcvtxy.exe
- firefox.exe
- %TEMP%\nsia87f.tmp
- %TEMP%\lsvkcus.w
- %TEMP%\wjguktskuj.cco
- %TEMP%\sqpkcvtxy.exe
- %APPDATA%\ueajsoxhclhq\avfo.exe
- 'ch####p.dyndns.org':80
- http://ch####p.dyndns.org/
- DNS ASK ch####p.dyndns.org
- '%TEMP%\sqpkcvtxy.exe' %TEMP%\wjguktskuj.cco
- '%TEMP%\sqpkcvtxy.exe'