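Technical Information
The section headings of this listing were lost; in order, the entries appear to be: registry values written for two services ('Start' = 2 is automatic start at boot), the services themselves, files created, files moved from a temporary name to their final name, and processes launched. The <SYSTEM32> and <DRIVERS> image paths correspond to the %WINDIR%\syswow64 paths further down, which is consistent with WOW64 file-system redirection of a 32-bit process on 64-bit Windows, so both locations are worth checking.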
- [<HKLM>\System\CurrentControlSet\Services\uex] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\uex] 'ImagePath' = '<SYSTEM32>\uex.exe'
- [<HKLM>\System\CurrentControlSet\Services\joipx] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\joipx] 'ImagePath' = '<DRIVERS>\joipx.sys'
- 'uex' <SYSTEM32>\uex.exe
- 'joipx' <DRIVERS>\joipx.sys
- %WINDIR%\syswow64\00115984.tmp
- %WINDIR%\syswow64\realk.nls
- %WINDIR%\syswow64\00115d5b.tmp
- %TEMP%\temp_1138011.bat
- %WINDIR%\syswow64\drivers\joipx.sys
- from %WINDIR%\syswow64\00115984.tmp to %WINDIR%\syswow64\uex.exe
- from %WINDIR%\syswow64\00115d5b.tmp to %WINDIR%\syswow64\drivers\joipx.sys
- '%WINDIR%\syswow64\uex.exe'
- '%WINDIR%\syswow64\cmd.exe' /c %TEMP%\\temp_1138011.bat "<Full path to file>" (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c %TEMP%\\temp_1138011.bat "<Full path to file>"