Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'Ouvzz' = '%APPDATA%\Qifnt\Ouvzz.url'
- %WINDIR%\microsoft.net\framework\v4.0.30319\regasm.exe
- %WINDIR%\microsoft.net\framework\v4.0.30319\regasm.exe
- %APPDATA%\qifnt\oxada.exe
- %APPDATA%\qifnt\ouvzz.url
- '10#.#8.141.253':443
- '%APPDATA%\qifnt\oxada.exe'
- '%WINDIR%\microsoft.net\framework\v4.0.30319\regasm.exe'