Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'MSASCuiL' = '%APPDATA%\MSASCuiL.exe'
- %APPDATA%\msascuil.exe
- <Full path to file>
- %APPDATA%\msascuil.exe
- http://ga###-cheat.ru/update/pred.exe
- DNS ASK ga###-cheat.ru
- DNS ASK ip###ger.org
- '%APPDATA%\msascuil.exe'
- '<SYSTEM32>\cmd.exe' / C choice /C Y /N /D Y /T 3 & Del "<Full path to file>"' (with hidden window)
- '<SYSTEM32>\cmd.exe' / C choice /C Y /N /D Y /T 3 & Del "<Full path to file>"