Technical Information
- [<HKCU>\software\microsoft\windows\currentversion\run] 'jOkYYoEQ.exe' = '%HOMEPATH%\lQUsAwws\jOkYYoEQ.exe' (per-user Run key value: the listed executable is started at each logon of that user)
- [<HKLM>\System\CurrentControlSet\Services\TYAcUwRc] 'Start' = '00000002' (start type 2 = automatic: the service is started at system startup)
- [<HKLM>\System\CurrentControlSet\Services\TYAcUwRc] 'ImagePath' = '%ALLUSERSPROFILE%\ekUEkAMU\liIQEwQE.exe'
- Service 'TYAcUwRc', binary %ALLUSERSPROFILE%\ekUEkAMU\liIQEwQE.exe (same service name and path as the Services registry values listed above)
- %HOMEPATH%\lqusawws\jokyyoeq
- %ALLUSERSPROFILE%\wwiqmcim\lykkskik
- %HOMEPATH%\lqusawws\jokyyoeq.exe
- %ALLUSERSPROFILE%\ekuekamu\liiqewqe.exe
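- %WINDIR%\syswow64\config\systemprofile\lqusawws\jokyyoeq (profile directory of the LocalSystem account as seen by 32-bit processes; the subfolder name matches the one under %HOMEPATH%, which suggests a copy running as SYSTEM, though the report does not state this)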
- %ALLUSERSPROFILE%\iyae.txt
- http://google.com/ (a legitimate site; not usable as an indicator on its own)
- DNS ASK bl##k.io (the domain is partially masked with '##' in this report, so it cannot be matched as written)
- DNS ASK google.com
- ClassName: '' WindowName: 'lykkskIk.exe'
- ClassName: '' WindowName: 'Microsoft Windows'
- '%HOMEPATH%\lqusawws\jokyyoeq.exe'
- '%ALLUSERSPROFILE%\ekuekamu\liiqewqe.exe'