Technical Information
Persistence through the per-user Run key (the value is launched at user logon):
- [<HKCU>\software\microsoft\windows\currentversion\run] 'yQIocgEI.exe' = '%HOMEPATH%\ngEwwQYs\yQIocgEI.exe'
Windows service registered for persistence (a 'Start' value of 2 means the service starts automatically at boot):
- [<HKLM>\System\CurrentControlSet\Services\VcQQYIou] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\VcQQYIou] 'ImagePath' = '%ALLUSERSPROFILE%\oWcwwcIY\vWMsQcYM.exe'
- 'VcQQYIou' %ALLUSERSPROFILE%\oWcwwcIY\vWMsQcYM.exe
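File system paths (the listing does not say whether each one was created, modified or deleted; Windows paths are case-insensitive, so match them regardless of case):
- %HOMEPATH%\ngewwqys\yqiocgei
- %ALLUSERSPROFILE%\weygakqe\bkqoaaqi
- %HOMEPATH%\ngewwqys\yqiocgei.exe
- %ALLUSERSPROFILE%\owcwwciy\vwmsqcym.exe
- %WINDIR%\syswow64\config\systemprofile\ngewwqys\yqiocgei
- %ALLUSERSPROFILE%\cqoi.txt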
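Network activity (the google.com request and lookup are ordinary traffic, possibly a connectivity check, and are not usable as indicators on their own; 'bl##k.io' is partially masked in the source listing):
- http://google.com/
- DNS ASK bl##k.io
- DNS ASK google.com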
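Windows referenced by class name and title (presumably windows the sample searches for; the listing gives no label):
- ClassName: '' WindowName: 'BKQoAAQI.exe'
- ClassName: '' WindowName: 'Microsoft Windows'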
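Executable paths (unlabelled in the listing; presumably processes the sample launches, since they are the same files that the Run key and the service ImagePath point to):
- '%HOMEPATH%\ngewwqys\yqiocgei.exe'
- '%ALLUSERSPROFILE%\owcwwciy\vwmsqcym.exe'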