Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'cFyznv' = '%APPDATA%\ralink.exe.exe'
- %HOMEPATH%\Start Menu\Programs\Startup\uwaMMPGtd9.eu.url
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe'
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
- %TEMP%\me4ls6aSG.YM
- %APPDATA%\Monitor\Screenshots\04-30-2017\12.37 AM
- %TEMP%\aut1.tmp
- %APPDATA%\uwaMMPGtd9\uwaMMPGtd9.exe
- %APPDATA%\ralink.exe.exe
- %TEMP%\aut1.tmp
- 'ni####ine.solutions':44744
- DNS ASK ni####ine.solutions