Technical Information
- [<HKLM>\System\CurrentControlSet\Services\glbu`u`+v|v] 'ImagePath' = '<Current directory>\bigpepe.sys'
- '' (downloaded from the Internet)
- <Current directory>\pepe_calculator.exe
- <Current directory>\smollpepe.sys
- <Current directory>\bigpepe.sys
- %WINDIR%\temp\uddac4a.tmp
- %WINDIR%\temp\uddb813.tmp
- %WINDIR%\temp\uddbfe4.tmp
- %WINDIR%\temp\uddc7b5.tmp
- %WINDIR%\temp\uddcf86.tmp
- %WINDIR%\temp\uddd757.tmp
- http://hy###cloud.cc/hjsagdt7auhdsa/mapper.exe
- http://hy###cloud.cc/hjsagdt7auhdsa/driver.sys
- http://hy###cloud.cc/hjsagdt7auhdsa/gay.sys
- DNS ASK hy###cloud.cc
- '<Current directory>\pepe_calculator.exe' bigpepe.sys smollpepe.sys
- '%WINDIR%\syswow64\cmd.exe' /c cls
- '%WINDIR%\syswow64\cmd.exe' /c pepe_calculator.exe bigpepe.sys smollpepe.sys