Technical Information
Registry values for two services configured for automatic start ('Start' = 2), with 'ImagePath' pointing to executables under %WINDIR%:
- [<HKLM>\System\CurrentControlSet\Services\Opqrst] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Opqrst] 'ImagePath' = '%WINDIR%\waksaq.exe'
- [<HKLM>\System\CurrentControlSet\Services\Defghi] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Defghi] 'ImagePath' = '%WINDIR%\swwawo.exe'
- C:\gta1.exe
- C:\gta2.exe
- %WINDIR%\waksaq.exe
- %WINDIR%\swwawo.exe
- C:\gta1.exe
- C:\gta2.exe
- from C:\gta1.exe to %WINDIR%\syswow64\1197156.bak
- from C:\gta2.exe to %WINDIR%\syswow64\1215109.bak
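Network endpoints and DNS query (the host name and IP address appear to be partially masked with '#' on this page, so they cannot be matched literally):
- 're#.#bfull.com':15950
- 're#.#bfull.com':15950
- '11#.#88.245.171':8001
- DNS ASK re#.#bfull.com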
- 'C:\gta1.exe'
- 'C:\gta2.exe'
- '%WINDIR%\waksaq.exe'
- '%WINDIR%\swwawo.exe'
- '%WINDIR%\waksaq.exe' Win7
- '%WINDIR%\swwawo.exe' Win7
- 'C:\gta1.exe' (with hidden window)
- 'C:\gta2.exe' (with hidden window)