Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Kinadiy' = '%APPDATA%\Ciinr\ypzia.exe'
- %WINDIR%\syswow64\msiexec.exe
- %APPDATA%\ciinr\ypzia.exe
- 'sf###edfyr.xyz':443
- DNS ASK sf###edfyr.xyz
- '%WINDIR%\syswow64\cmd.exe' /c ipconfig /all (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c net config workstation (with hidden window)
- '%WINDIR%\syswow64\msiexec.exe'
- '%WINDIR%\syswow64\cmd.exe' /c ipconfig /all
- '%WINDIR%\syswow64\ipconfig.exe' /all
- '%WINDIR%\syswow64\cmd.exe' /c net config workstation