Technical Information
- [<HKLM>\System\CurrentControlSet\Services\Pqrstu] 'Start' = '00000002' (service start type 2 = automatic start at boot)
- [<HKLM>\System\CurrentControlSet\Services\Pqrstu] 'ImagePath' = '%ProgramFiles(x86)%\UC\hyhjyc.exe'
- Service 'Pqrstu': %ProgramFiles(x86)%\UC\hyhjyc.exe
- %ProgramFiles(x86)%\uc\hyhjyc.exe
- %ProgramFiles(x86)%\uc\hyhjyc.exe
- from <Full path to file> to %WINDIR%\syswow64\1339954.bak
- 'lc####10.f3322.net':5090
- 'lc####10.f3322.net':5090
- DNS ASK lc####10.f3322.net
- '%ProgramFiles(x86)%\uc\hyhjyc.exe'
- '%ProgramFiles(x86)%\uc\hyhjyc.exe' Win7
- '%WINDIR%\syswow64\attrib.exe' +h +s "%ProgramFiles(x86)%\UC\hyhjyc.exe" (with hidden window; +h +s sets the Hidden and System attributes on the file)
- '%WINDIR%\syswow64\attrib.exe' +h +s "%ProgramFiles(x86)%\UC\hyhjyc.exe"