Technical Information
- [<HKLM>\System\CurrentControlSet\Services\Gqrnoa ikgbaq] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Gqrnoa ikgbaq] 'ImagePath' = '%ProgramFiles(x86)%\Windows Miwxxs\Csyquyp.exe'
- <Current directory>\过检测.exe
- %ProgramFiles(x86)%\windows miwxxs\csyquyp.exe
- C:\5042.vbs
- <Current directory>\过检测.exe
- <Current directory>\过检测.exe
- C:\5042.vbs
- DNS ASK co####e.qicp.vip
- '<Current directory>\过检测.exe'
- '%ProgramFiles(x86)%\windows miwxxs\csyquyp.exe'
- '%WINDIR%\syswow64\wscript.exe' "C:\5042.vbs"
- '%WINDIR%\syswow64\wscript.exe' "C:\5042.vbs" (with hidden window)