Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'BIOS Backup' = '%APPDATA%\u126pHat1XEZ.exe'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'BIOS Backup' = '%APPDATA%\u126pHat1XEZ.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'BIOS Backup' = '%APPDATA%\SfJZS6B0HFoG.exe'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'BIOS Backup' = '%APPDATA%\SfJZS6B0HFoG.exe'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'Adobe Auto Updater' = '%APPDATA%\Adobe Systems\Updater.exe'
- [<HKLM>\System\CurrentControlSet\Services\IKEEXT] 'Start' = '00000002'
- hidden files
- User Account Control (UAC)
- %APPDATA%\u126phat1xez.exe
- %APPDATA%\sfjzs6b0hfog.exe
- %APPDATA%\adobe systems\updater.exe
- %APPDATA%\adobe systems\set.bin
- %APPDATA%\u126phat1xez.exe
- %APPDATA%\sfjzs6b0hfog.exe
- DNS ASK re###en.info
- 'localhost':50297
- 'localhost':60321
- '%APPDATA%\adobe systems\updater.exe'
- '%WINDIR%\syswow64\netsh.exe' Advfirewall set Currentprofile State off