Technical Information
- [<HKCU>\software\microsoft\windows\currentversion\run] 'XekcEYow.exe' = '%HOMEPATH%\QWwMQgQs\XekcEYow.exe' (per-user Run key: the listed executable is launched each time this user logs on)
- [<HKLM>\System\CurrentControlSet\Services\VUsQgUTV] 'Start' = '00000002' (start type 2: the service is started automatically at boot)
- [<HKLM>\System\CurrentControlSet\Services\VUsQgUTV] 'ImagePath' = '%ALLUSERSPROFILE%\iegIgsoo\bKUIEMsU.exe' (the binary the service runs)
- 'VUsQgUTV' %ALLUSERSPROFILE%\iegIgsoo\bKUIEMsU.exe
- %HOMEPATH%\qwwmqgqs\xekceyow
- %ALLUSERSPROFILE%\zuaqsqqg\uukacguq
- %HOMEPATH%\qwwmqgqs\xekceyow.exe
- %ALLUSERSPROFILE%\iegigsoo\bkuiemsu.exe
- %WINDIR%\syswow64\config\systemprofile\qwwmqgqs\xekceyow
- <Current directory>\zewc.exe
- <Current directory>\zewc.exe
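- http://google.com/ (benign destination; not usable as an indicator on its own)
- DNS query: bl##k.io (the '##' appears to mask characters of the domain in this report)
- DNS query: google.com (benign domain; not usable as an indicator on its own)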
- ClassName: '' WindowName: 'uukAcgUQ.exe'
- ClassName: '' WindowName: 'Microsoft Windows'
- '%HOMEPATH%\qwwmqgqs\xekceyow.exe'
- '%ALLUSERSPROFILE%\iegigsoo\bkuiemsu.exe'