Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'sh' = '%ProgramFiles%\jlihylols\vqpiwj.exe "%ProgramFiles%\jlihylols\vqpiwj.dll",Shared'
- %TEMP%\tqnsudo.exe
- %ProgramFiles%\jlihylols\vqpiwj.dll
- %ProgramFiles%\jlihylols\vqpiwj.exe
- C:\1.txt
- %TEMP%\tqnsudo.exe
- '10#.#60.131.251':18659
- '10#.#63.56.110':18530
- '10#.#60.131.252':23588
- DNS ASK ho###23.zz.am
- '%TEMP%\tqnsudo.exe' "<Full path to file>"
- '%ProgramFiles%\jlihylols\vqpiwj.exe' "%ProgramFiles%\jlihylols\vqpiwj.dll",Shared %TEMP%\tqnsudo.exe
- '<SYSTEM32>\cmd.exe' /c ping 127.0.0.1 -n 2&%TEMP%\\tqnsudo.exe "<Full path to file>" (with hidden window)
- '<SYSTEM32>\cmd.exe' /c ping 127.0.0.1 -n 2&%TEMP%\\tqnsudo.exe "<Full path to file>"
- '<SYSTEM32>\ping.exe' 127.0.0.1 -n 2