Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'YC' = '<SYSTEM32>\uppit.exe'
- uppit.exe
- %LOCALAPPDATA%\microsoft_corportation\<File name>.exe_url_0s4gpan5adiifhcrii4ayjsnun4zoyia\1.0.0.0\ixbbrith.newcfg
- <SYSTEM32>\uppit.exe
- %LOCALAPPDATA%\microsoft_corportation\uppit.exe_url_b5oq42ai2krrbidy0exvdyw3efnhuz2s\1.0.0.0\o6x3lzaq.newcfg
- from %LOCALAPPDATA%\microsoft_corportation\<File name>.exe_url_0s4gpan5adiifhcrii4ayjsnun4zoyia\1.0.0.0\ixbbrith.newcfg to %LOCALAPPDATA%\microsoft_corportation\<File name>.exe_url_0s4gpan5adiifhcrii4ayjsnun4zoyia\1.0.0.0\user.config
- from %LOCALAPPDATA%\microsoft_corportation\uppit.exe_url_b5oq42ai2krrbidy0exvdyw3efnhuz2s\1.0.0.0\o6x3lzaq.newcfg to %LOCALAPPDATA%\microsoft_corportation\uppit.exe_url_b5oq42ai2krrbidy0exvdyw3efnhuz2s\1.0.0.0\user.config
- 'sm##.gmail.com':587
- DNS ASK sm##.gmail.com
- '<SYSTEM32>\uppit.exe'