Technical Information
- [HKLM\System\CurrentControlSet\Services\Vwxyab] 'Start' = '00000002' (service start type 2: started automatically at system boot)
- [HKLM\System\CurrentControlSet\Services\Vwxyab] 'ImagePath' = '%ProgramFiles(x86)%\UC\hyhjyc.exe'
- 'Vwxyab' %ProgramFiles(x86)%\UC\hyhjyc.exe
- %ProgramFiles(x86)%\uc\hyhjyc.exe
- %ProgramFiles(x86)%\uc\hyhjyc.exe
- from <Full path to file> to %WINDIR%\syswow64\1332716.bak
- 'tu##.noip.cn':2025
- DNS ASK tu##.noip.cn
- '%ProgramFiles(x86)%\uc\hyhjyc.exe'
- '%ProgramFiles(x86)%\uc\hyhjyc.exe' Win7
- '%WINDIR%\syswow64\attrib.exe' +h +s "%ProgramFiles(x86)%\UC\hyhjyc.exe" (with hidden window)
- '%WINDIR%\syswow64\attrib.exe' +h +s "%ProgramFiles(x86)%\UC" (with hidden window)
- '%WINDIR%\syswow64\attrib.exe' +h +s "%ProgramFiles(x86)%\UC\hyhjyc.exe"
- '%WINDIR%\syswow64\attrib.exe' +h +s "%ProgramFiles(x86)%\UC"