Technical Information
- [<HKLM>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN] 'xbtkiqx' = 'C:\xbtkiq.exe'
- User Account Control (UAC)
- Windows Security Center
- <SYSTEM32>\mobsync.exe
- C:\xbtkiq.exe
- C:\xbtkiq.dll
- C:\xbtkiq.dll
- C:\xbtkiq.exe
- ClassName: '' WindowName: 'Aplicativo ItaГє'
- ClassName: 'MS_WINHELP' WindowName: ''
- 'C:\xbtkiq.exe'
- 'C:\xbtkiq.exe' ' (with hidden window)
- '<SYSTEM32>\mobsync.exe'