Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'xhqmvqajfoxtdy' = '%APPDATA%\xdmiravfbktpyi\enjsc.exe "%TEMP%\uljwawcsft.exe" %HOMEPATH%\AppData\Lo�'
- Windows Defender
- uljwawcsft.exe
- firefox.exe
- %TEMP%\nsca88f.tmp
- %TEMP%\ocahcvp.go
- %TEMP%\qndmpedpsqr.i
- %TEMP%\uljwawcsft.exe
- %APPDATA%\xdmiravfbktpyi\enjsc.exe
- 'ch####p.dyndns.org':80
- http://ch####p.dyndns.org/
- DNS ASK ch####p.dyndns.org
- '%TEMP%\uljwawcsft.exe' %TEMP%\qndmpedpsqr.i
- '%TEMP%\uljwawcsft.exe'