Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'oguzaqap' = '%WINDIR%\yrizawiw.exe'
- %WINDIR%\syswow64\explorer.exe
- %PROGRAMDATA%\obituvikeqututin\01000000
- %WINDIR%\yrizawiw.exe
- %PROGRAMDATA%\obituvikeqututin\02000000
- %PROGRAMDATA%\obituvikeqututin\00000000
- DNS ASK se###r4love.ru
- '%WINDIR%\syswow64\explorer.exe'
- '<SYSTEM32>\vssvc.exe'