Technical Information
- [<HKLM>\System\CurrentControlSet\Services\Mnopqr Tuvwxyab Def] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Mnopqr Tuvwxyab Def] 'ImagePath' = '<SYSTEM32>\nevpeu.exe'
- 'Mnopqr Tuvwxyab Def' <SYSTEM32>\nevpeu.exe
- %WINDIR%\syswow64\nevpeu.exe
- from <Full path to file> to fuck360
- 'r3##.com':9001
- '<LOCALNET>.16.1':445
- '<LOCALNET>.16.1':139
- DNS ASK r3##.com
- '%WINDIR%\syswow64\nevpeu.exe'
- '%WINDIR%\syswow64\cmd.exe' /c del <Full path to file> > nul' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del <Full path to file> > nul