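Technical Information
(The sub-headings of this report did not survive extraction. In order, the entries below are: registry values under two service keys, service names with their binaries, file paths, from/to path pairs, network endpoints, and quoted executable paths, the last two followed by "Win7".)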
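- [<HKLM>\System\CurrentControlSet\Services\Pqrstu Wxyabcde Ghi] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Pqrstu Wxyabcde Ghi] 'ImagePath' = '%WINDIR%\rizpeu.exe'
- [<HKLM>\System\CurrentControlSet\Services\Bcdefg] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Bcdefg] 'ImagePath' = '%WINDIR%\svchost.exe'
(Note: a 'Start' value of 2 marks a service as auto-start, so both services are launched at every boot. The genuine Windows svchost.exe resides in %WINDIR%\System32, so a service 'ImagePath' of %WINDIR%\svchost.exe is a masquerading indicator.)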
- 'Pqrstu Wxyabcde Ghi' %WINDIR%\rizpeu.exe
- 'Bcdefg' %WINDIR%\svchost.exe
- %WINDIR%\svchost.exe
- %TEMP%\dwm.exe
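- %TEMP%\_��э����guid.exe (the non-ASCII part of this file name was corrupted by a character-encoding error; the original name cannot be recovered from this page)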
- %TEMP%\svchost.exe
- %TEMP%\libeay32.dll
- %TEMP%\wininit.exe
- %WINDIR%\rizpeu.exe
- %WINDIR%\svchost.exe
- from %TEMP%\svchost.exe to %WINDIR%\syswow64\1147886.bak
- from %TEMP%\wininit.exe to %WINDIR%\syswow64\1149274.bak
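- '11#.#26.74.30':433
- '11#.#26.74.30':4980
(Note: two digits of the address are masked with '#' in the source, so it cannot be used for exact matching. The first port is 433 as listed, not the HTTPS port 443.)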
- '%TEMP%\dwm.exe'
- '%TEMP%\_��э����guid.exe'
- '%TEMP%\svchost.exe'
- '%TEMP%\wininit.exe'
- '%WINDIR%\rizpeu.exe'
- '%WINDIR%\svchost.exe'
- '%WINDIR%\rizpeu.exe' Win7
- '%WINDIR%\svchost.exe' Win7