Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '1Source' = '%APPDATA%\uFhBiJfTrGaPvX'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '<File name>.exe' = 'C:\'
- <Drive name for removable media>:\PornPic.scr
- hidden files
- Windows Task Manager (Taskmgr)
- '' (downloaded from the Internet)
- C:\PornPic.scr
- %TEMP%\uFhBiJfTrGaPvX.exe
- %APPDATA%\uFhBiJfTrGaPvX
- %HOMEPATH%\Start Menu\Programsexplorer.exe
- C:\<File name>.exe
- C:\xXmmoWRrM.bat
- %APPDATA%\uFhBiJfTrGaPvX
- 'wp#d':80
- 'gi##ub.com':80
- http://11#.#11.111.1/wpad.dat via wp#d
- http://gi##ub.com/thejoker777/demoupload/raw/master/CHROME.exe
- DNS ASK wp#d
- DNS ASK gi##ub.com
- '%TEMP%\uFhBiJfTrGaPvX.exe'
- '<SYSTEM32>\sc.exe' stop wscsvc
- '<SYSTEM32>\sc.exe' stop SharedAccess