Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '26375D0B4D' = '%APPDATA%\26375D0B4D.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] '*26375D0B4D' = '%APPDATA%\26375D0B4D.exe'
- '<SYSTEM32>\taskkill.exe' /F /IM <File name>.exe
- %APPDATA%\26375d0b4d.exe
- <Full path to file>
- %APPDATA%\26375d0b4d.exe
- 'yo#.su':80
- http://yo#.su/pEXR+LJbKVDa0VIJl5Ebl7Tph/0/MhMVemiIoH4W9A9a+wgS9Yf860kOW77iM2nFx6Py2a3CJlfSc5K5Md2H0kgOrpJDx4TyA5UIejjYIwKEHCMhQzUbbql1YyDwujDji+MeGkdjbrkuGdqxlNYfZZN+khSwUqaWbu6+/Ic3gWnFT3NrMGE...
- DNS ASK ca##n.su
- DNS ASK wr#x.ru
- DNS ASK ic##s.ru
- DNS ASK hi#s.su
- DNS ASK yo#.su
- ClassName: '' WindowName: ''
- '%APPDATA%\26375d0b4d.exe'