Technical Information
- [<HKLM>\System\CurrentControlSet\Services\Klmnop] 'Start' = '00000002' (2 = SERVICE_AUTO_START: the service is started automatically at system startup)
- [<HKLM>\System\CurrentControlSet\Services\Klmnop] 'ImagePath' = '%WINDIR%\pgftgg.exe'
- Service 'Klmnop', image path %WINDIR%\pgftgg.exe
- C:\22\888.exe
- %WINDIR%\pgftgg.exe
- from C:\22\888.exe to %WINDIR%\syswow64\1193421.bak
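- '14#.#2.48.193':6688 (host:port; the address is partially masked with '#.#' in this report)
- 're#.#bfull.com':15950 (host:port; the domain is partially masked with '#.#' in this report)
- DNS query: re#.#bfull.com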
- ClassName: 'EDIT' WindowName: ''
- 'C:\22\888.exe'
- '%WINDIR%\pgftgg.exe'
- '%WINDIR%\pgftgg.exe' Win7