Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\] 'uia' = '%APPDATA%\Microsoft\Vault\uia.exe'
- uia.exe
- %TEMP%\aut36e8.tmp
- %APPDATA%\wcjiljmiusfyvhqfpbjohjkns81087.png
- %APPDATA%\microsoft\vault\uia.exe
- %TEMP%\aut865e.tmp
- %TEMP%\aut36e8.tmp
- %TEMP%\aut865e.tmp
- 'cl#####.enigmasolutions.xyz':54578
- DNS ASK cl#####.enigmasolutions.xyz
- '%APPDATA%\microsoft\vault\uia.exe'