Technical Information
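- [<HKLM>\System\CurrentControlSet\Services\Call Program Drive Session VC Auto Experience] 'Start' = '00000002' (service start type 2 = automatic: the Service Control Manager launches the service at every boot, which gives the sample persistence)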
- [<HKLM>\System\CurrentControlSet\Services\Call Program Drive Session VC Auto Experience] 'ImagePath' = 'C:\aojaditas\sgpfwthml.exe'
- 'Call Program Drive Session VC Auto Experience' C:\aojaditas\sgpfwthml.exe
- %WINDIR%\aojaditas\odlwysgtvs
- C:\aojaditas\odlwysgtvs
- C:\aojaditas\foomk30cpsnbrueu.exe
- C:\aojaditas\sgpfwthml.exe
- C:\aojaditas\nahrsmeqxetw.exe
- C:\aojaditas\c6titwvhjj05
- C:\aojaditas\sgpfwthml.exe
- C:\aojaditas\nahrsmeqxetw.exe
- %WINDIR%\aojaditas\odlwysgtvs
- C:\aojaditas\foomk30cpsnbrueu.exe
- %WINDIR%\aojaditas\odlwysgtvs
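- '5.#.166.192':41199 (address:port; in this and the following entries '#' appears to stand for digits masked in the published report, so the addresses cannot be used as exact-match network indicators as written)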
- '72.#9.59.91':23362
- '19#.#7.134.20':44965
- '20#.#70.207.211':37727
- '10#.#25.112.152':47507
- '10#.#67.38.149':20466
- '17#.#40.117.149':27603
- '61.##6.2.217':25840
- 'C:\aojaditas\foomk30cpsnbrueu.exe'
- 'C:\aojaditas\sgpfwthml.exe'
- 'C:\aojaditas\nahrsmeqxetw.exe' "c:\aojaditas\sgpfwthml.exe"