Technical Information
- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'apazetaj' = '"%WINDIR%\uvelufah.exe"'
- %WINDIR%\syswow64\explorer.exe
- %TEMP%\nsq44ec.tmp\userinfo.dll
- %APPDATA%\the.patriot[2000]dvdrip[eng]-kirklestat.avi
- %TEMP%\nsq44ec.tmp\tench.dll
- %ALLUSERSPROFILE%\ywilamepasiqugeb\01000000
- %WINDIR%\uvelufah.exe
- %ALLUSERSPROFILE%\ywilamepasiqugeb\02000000
- %ALLUSERSPROFILE%\ywilamepasiqugeb\00000000
- %TEMP%\nsq44ec.tmp\tench.dll
- %TEMP%\nsq44ec.tmp\userinfo.dll
- DNS ASK su####ecovery.ru
- '%WINDIR%\syswow64\explorer.exe'