Technical Information
- [<HKCU>\software\microsoft\windows\currentversion\run] 'IisYAoIQ.exe' = '%HOMEPATH%\ueQMMYwc\IisYAoIQ.exe' (per-user Run key: the listed executable is launched each time this user logs on)
- [<HKLM>\System\CurrentControlSet\Services\XoMIkoDF] 'Start' = '00000002' (Start type 2 = automatic: the service is started at system boot)
- [<HKLM>\System\CurrentControlSet\Services\XoMIkoDF] 'ImagePath' = '%ALLUSERSPROFILE%\faMQwMAA\JQkkgcoY.exe'
- 'XoMIkoDF' %ALLUSERSPROFILE%\faMQwMAA\JQkkgcoY.exe
- %HOMEPATH%\ueqmmywc\iisyaoiq
- %ALLUSERSPROFILE%\iqycmgou\iaqsiyaw
- %HOMEPATH%\ueqmmywc\iisyaoiq.exe
- %ALLUSERSPROFILE%\famqwmaa\jqkkgcoy.exe
- %ALLUSERSPROFILE%\dqgg.txt
- %WINDIR%\syswow64\config\systemprofile\ueqmmywc\iisyaoiq
- http://google.com/
- DNS ASK bl##k.io
- DNS ASK google.com
- ClassName: '' WindowName: 'iaQsIYAw.exe'
- ClassName: '' WindowName: 'Microsoft Windows'
- '%HOMEPATH%\ueqmmywc\iisyaoiq.exe'
- '%ALLUSERSPROFILE%\famqwmaa\jqkkgcoy.exe'