Technical Information
- Registry autorun entry (per-user RunOnce value, processed at that user's next logon): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'uwmixi' = '%TEMP%\zuphe\uwmixi.url'
- %WINDIR%\microsoft.net\framework\v4.0.30319\regasm.exe
- %WINDIR%\microsoft.net\framework\v4.0.30319\regasm.exe
- %TEMP%\aut3059.tmp
- %TEMP%\regmax.exe
- %TEMP%\aut30e6.tmp
- %TEMP%\setup.exe
- %TEMP%\is-31dff.tmp\setup.tmp
- %TEMP%\is-gmebb.tmp\_isetup\_setup64.tmp
- %TEMP%\is-gmebb.tmp\_isetup\_shfoldr.dll
- %TEMP%\zuphe\aqijzt.exe
- %TEMP%\zuphe\uwmixi.url
- %TEMP%\aut3059.tmp
- %TEMP%\aut30e6.tmp
- '%TEMP%\regmax.exe'
- '%TEMP%\setup.exe'
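- '%TEMP%\is-31dff.tmp\setup.tmp' /SL5="$6023E,3973919,61440,%TEMP%\setup.exe" (the /SL5 argument and the is-*.tmp directory look like an Inno Setup installer re-launching itself from a temporary copy of setup.exe)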
- '%TEMP%\zuphe\aqijzt.exe'
- '%WINDIR%\microsoft.net\framework\v4.0.30319\regasm.exe'